Internet Indirection Infrastructure (i3) Status – Summer ‘03 Ion Stoica UC Berkeley June 5, 2003.

Presentation transcript:

Internet Indirection Infrastructure (i3) Status – Summer ‘03 Ion Stoica UC Berkeley June 5, 2003

Collaborators
- Students:
  – Daniel Adkins
  – Karthik Lakshminarayanan
  – Ananth Rajagopala-Rao
  – Sonesh Surana
  – Shelley Zhuang
- Postdocs:
  – Kevin Lai
- Faculty:
  – Randy Katz
  – Scott Shenker

What is i3?
- A highly efficient name-based routing implemented as an overlay network
[Figure: overlay topology; legend: IP router, i3 node]

Communication Abstraction
- Each packet is associated with an identifier id
- To receive a packet with identifier id, receiver R maintains a trigger (id, R) in the overlay network
[Figure: the sender issues send(id, data); the trigger (id, R) forwards it as send(R, data) to receiver R]

Service Model
- API
  – sendPacket(p);
  – insertTrigger(t);
  – removeTrigger(t) // optional
- Best-effort service model (like IP)
- Triggers are periodically refreshed by end-hosts
- Reliability, congestion control, and flow-control implemented at end-hosts

What Does i3 Support?
- Mobility
- Multicast
- Anycast
- Service composition

Mobility
- Host just needs to update its trigger as it moves from one subnet to another
[Figure: the sender issues send(id, data); the trigger (id, R1) forwards it as send(R1, data) to receiver R1]

Mobility
- Host just needs to update its trigger as it moves from one subnet to another
[Figure: the sender issues send(id, data); the updated trigger (id, R2) forwards it as send(R2, data) to receiver R2]

Multicast
- Unifies multicast and unicast abstractions
  – Multicast: receivers insert triggers with the same identifier
- An application can dynamically switch between multicast and unicast
[Figure: the sender issues send(id, data); triggers (id, R1) and (id, R2) forward it as send(R1, data) and send(R2, data) to receivers R1 and R2]

Anycast
- Generalize the matching scheme used to forward a packet
  – Until now we assumed exact matching
- Next, we assume:
  – Longest prefix matching (LPM) using a prefix larger than a predefined constant l to avoid collisions
- In the current implementation: ID length m = 256, l = 128

Anycast (cont’d)
- Anycast is simply a byproduct of the new matching scheme, e.g.,
  – Each receiver R_i in the anycast group inserts IDs with the same prefix p and a different suffix s_i
[Figure: receivers R1, R2, R3 hold triggers (p|s_1, R1), (p|s_2, R2), (p|s_3, R3); the sender issues send(p|a, data), which is forwarded as send(R1, data)]

Service Composition
- Use a stack of IDs to encode the succession of operations to be performed on data
- Advantages
  – Don’t need to configure path
  – Load balancing and robustness easy to achieve
[Figure: Sender (MPEG), Receiver R (JPEG); triggers (id_MPEG/JPEG, S_MPEG/JPEG) and (id, R); the sender issues send((id_MPEG/JPEG, id), data), the transcoder S_MPEG/JPEG issues send(id, data), and the receiver gets send(R, data)]

What We’ve Done Since Summer?
- Security (see Dan’s talk)
  – Preliminary solution presented at last retreat
- Shared overlay infrastructure (see Karthik’s talk)
- Robustness: fast detection of i3 node failures (see Shelley’s talk)
  – Preliminary solution presented at last retreat

What We’ve Done Since Summer?
- → Security
- Shared overlay infrastructure
- Robustness

Security
- Develop a complete solution to protect against IP level denial of service attacks
- Show that a communication infrastructure can provide both more functionality and security than the Internet

Design Principles
1) Hide IP address
2) Give end-hosts ability to stop the attack in the infrastructure
3) Make sure that proposed solution does not introduce new security vulnerabilities

1) Hide IP Address
- Enable end-hosts to communicate without revealing their IP address
  – Otherwise, hosts are vulnerable to IP level flooding attacks
- i3 trivially implements this principle, as data is exchanged via IDs, not IP addresses
[Figure: the sender issues send(id, data); the trigger (id, R) forwards it as send(R, data) to receiver R]

2) Enable End-hosts to Defend
- In general, end-hosts are in best position to detect when they are under attack
  – E.g., flash-crowd vs. DoS, SYN attack
- Once an end-host detects an attack, it should be able to stop/redirect the offending traffic before it arrives at its inbound connection
- With i3 end-hosts can
  – Stop traffic by removing the trigger under attack
  – Route around a region of i3 under attack by moving triggers around
  – Implement access control for multicast

Example: Avoid Collateral Damage
- Two services share the same connection to the Internet
- If one service is under attack, the user can save the other one (not possible in the Internet)
[Figure: Customer (C) and Attacker (A) reach a bank company's ATM server (S1) and Web server (S2) through the i3 identifiers id_ATM and id_WEB]
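
The longest-prefix matching rule from the Anycast slides and the trigger-removal defence from the two slides above, modelled together as an added example (not code from the i3 project or from the talk). The single-node table, the ID values, the receiver names, delivery to every trigger tied for the longest prefix, and the (id_WEB, S2) trigger are assumptions.

```python
M, L = 256, 128  # ID length m and minimum matching prefix l (values from the slides)

def make_id(prefix, suffix):
    """Build an m-bit ID p|s from an l-bit prefix and an (m - l)-bit suffix."""
    return (prefix << (M - L)) | suffix

def common_prefix_len(a, b):
    """Number of leading bits two m-bit IDs have in common."""
    return M - (a ^ b).bit_length()

class I3Node:
    """Toy single-node trigger table (assumption: real i3 spreads IDs over an overlay)."""
    def __init__(self):
        self.triggers = set()              # (id, receiver address) pairs

    def insert_trigger(self, tid, addr):
        self.triggers.add((tid, addr))

    def remove_trigger(self, tid, addr):
        self.triggers.discard((tid, addr))

    def send_packet(self, pid, data):
        """Deliver to the longest-prefix trigger(s) if the prefix is >= L bits, else drop."""
        best, hits = L - 1, []
        for tid, addr in self.triggers:
            n = common_prefix_len(pid, tid)
            if n > best:
                best, hits = n, [addr]
            elif n == best and hits:       # tie, e.g. identical IDs (multicast)
                hits.append(addr)
        return sorted((addr, data) for addr in hits)

def collateral_damage_demo():
    """Constructed scenario: the web trigger is flooded, the ATM trigger is not."""
    node = I3Node()
    id_atm, id_web = make_id(0xA7, 1), make_id(0x3EB, 1)   # made-up IDs
    node.insert_trigger(id_atm, "S1")
    node.insert_trigger(id_web, "S2")
    before = node.send_packet(id_web, "flood")
    node.remove_trigger(id_web, "S2")      # victim withdraws the attacked trigger
    after = node.send_packet(id_web, "flood")
    return before, after, node.send_packet(id_atm, "withdraw")

def anycast_demo():
    """Three receivers share prefix p; the packet suffix selects the closest one."""
    node, p = I3Node(), 0xBEEF             # made-up prefix
    for suffix, addr in ((0x10, "R1"), (0x20, "R2"), (0x40, "R3")):
        node.insert_trigger(make_id(p, suffix), addr)
    return node.send_packet(make_id(p, 0x11), "x"), node.send_packet(make_id(p + 1, 0x11), "x")
```

After the web trigger is removed the flood has nothing to match and is dropped inside the infrastructure, while the ATM identifier keeps delivering; a packet whose first l bits match no trigger is dropped as well.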

3) Avoid New Vulnerabilities
- Use light-weight techniques to avoid
  – Cycles
  – Confluences
  – Eavesdropping
  – Dead ends
- Properties
  – Most of the techniques involve only the control plane → no impact on data plane efficiency
  – Minimal impact on i3 functionality

What We’ve Done Since Summer?
- Security
- → Shared overlay infrastructures
- Robustness

Shared Overlay Infrastructure
- Problem: Today’s overlay networks
  – Mostly independent efforts
  – Sharing happens mainly at the hardware level (e.g., PlanetLab)
- Goal: Propose a shared generic overlay infrastructure to support a variety of functionalities
- Solution: Overlay architecture that exports only two primitives (implemented using i3)
  – Path selection: similar to source routing
  – Packet replication

What Can We Do With These Primitives?
- Routing control
- Coarse grained data manipulation
- Measurements: estimate performance between any two overlay nodes using only the two primitives
  – RTT
  – Unidirectional loss rate
  – Available bandwidth
  – Bottleneck capacity

Architecture
[Figure: Weather Service 1 and Weather Service 2 perform network measurements; Clients A, B, C and D query them for routing info (query/reply) and set up routes]

What We’ve Done Since Summer?
- Security
- Shared overlay infrastructure
- → Robustness

Robustness
- Use cooperative algorithms to reduce the time to detect a node failure
  – Same message overhead as a simple keep-alive algorithm
- Can achieve recovery times on the order of a few RTTs
  – Bottleneck in practice: the time it takes to make sure that a node has failed with high probability

Conclusions
- Indirection is a key primitive to
  – Support basic communication abstractions, e.g., multicast, anycast, mobility
  – Improve end-host security
- This research advocates for:
  – Leaving IP to do what it does best: point-to-point unicast communication
  – Building an efficient Indirection Layer on top of IP
- Applications so far
  – Mobility with support for legacy applications
  – Large scale multicast
  – Primitives for shared overlay infrastructure

Future Work
- Use i3 as a substrate for web services
  – E.g., routing XML queries
- Multiple providers environment
  – Economic model, policies