SNAMP: Secure Namespace Mapping to Scale NDN Forwarding Alex Afanasyev (University of California, Los Angeles) Cheng Yi (Google) Lan Wang (University of.

Presentation transcript:

SNAMP: Secure Namespace Mapping to Scale NDN Forwarding Alex Afanasyev (University of California, Los Angeles) Cheng Yi (Google) Lan Wang (University of Memphis) Beichuan Zhang (University of Arizona) Lixia Zhang (University of California, Los Angeles) 18th IEEE Global Internet Symposium (GI 2015) April 27, 2015

NDN overview: basics
Two types of packets
– Interest packet: name, nonce, optional selectors
– Data packet: name, content, signature
Names defined by applications
– /net/ndnsim/www/index.html/...
[Figure: Interest packet (Name, Selectors (opt), Nonce); Data packet (Name, Content, Signature)]

NDN overview
NDN separates
– objective of retrieving
– specifics of how to do it
Interest names exactly what to fetch
– matching (secured) Data is retrieved by the network
    – from caches, in-network storage, or data producers
[Figure labels: Interest, In-network storage, Caches, Data]

Problem
NDN forwards interests by data names
– over 200 million just 2nd-level DNS names
– number of all names applications would use is several orders of magnitude larger, if not infinite
– even with all hierarchical aggregation, still too many names
How to scale NDN forwarding tables?

Solution
Secure Namespace Mapping (SNAMP)
– To cross a transit network, names may need to get mapped to (a set of) other names
– Interests will carry additional names to guide the forwarding process
Based on map-n-encap idea
– proposed many years back to scale IP routing
    – globally routable and non-routable addresses
    – DNS to map
    – IP-IP encapsulation to forward packets
[Figure labels: map / encapsulate; User Networks; Transit networks]
References:
S. Deering. “The Map & Encap Scheme for scalable IPv4 routing with portable site prefixes.” Presentation Xerox PARC,
M. O’Dell. “8+8—An alternate addressing architecture for IPv6.” Internet draft (draft-odell ),
D. Farinacci. “Locator/ID separation protocol (LISP).” Internet draft (draft-farinacci-lisp-00),
R. Atkinson, S. Bhatti, and S. Hailes. “ILNP: mobility, multi-homing, localized addressing and security through naming.” Telecommunication Systems, 42(3),

General Goals
Keep the forwarding (routing) table size under control
– what goes to the table will be determined by
    – popularity of the data
    – network operation practices
    – tradeoffs between network functionality and cost
Avoid any changes for NDN apps semantics
– no changes to naming of the data units
– no changes to apps

A Few Terms
FIB – forwarding information base (~routing table)
DFZ – default free zone (core transit network)
Namespace delegation – owner of namespace endorses that interests for the data in the namespace can be satisfied if forwarded towards another namespace
    (/net/ndnsim) -> (/telia/latvia/terabits)
LINK object or just LINK – collection of delegations with preferences from the same namespace
    (/net/ndnsim) -> (/telia/latvia/terabits 100; /ucla/cs 10)

System Overview

More Design Goals and Considerations
Do not require routers to look up the mapping
Do not require changes to the application
– a local agent (local NFD?) or an application library performs lookup when needed
Invoke mechanism only when necessary
– A lot of communication is expected to be local and ad hoc

Data Retrieval with SNAMP (1)

Data Retrieval with SNAMP (2)

Data Retrieval with SNAMP (3)

Multiple Delegations in the LINK Object
Reasons
– Producer multihoming
– Replicated dataset
Impact on interest forwarding
– NDN network is supposed to forward interests towards “closest” data available
– End-hosts/consumer-networks don’t have knowledge which is “closer”
    – can pick at random and learn over time
– DFZ routers have routing and data plane performance parameters
    – informed choice

Data Retrieval with SNAMP (summary)

Discovery of the LINK Object
Pre-configured knowledge
Application-level exchange
– Real-time producer can “give” a new link to consumers, when changes occur
– LINK can be “sync”ed up
Discovery using infrastructure support
– NDNS (DNS for NDN, data/ndns)

Simplified Picture of NDNS Lookup*
* Real NDNS lookup includes discovery of NS records and key records to verify validity of the data

“Devils are in Details”

“Evil” Details
Format of LINK and how it is included in the Interest
Modification of interest forwarding
– Impact on processing time/complexity
– Possible optimizations
Effects on caches
– Resiliency to content poisoning
– Cache effectiveness

Format and Use of LINK Object

Updated Interest Forwarding
If LINK not present
– apply standard NDN interest forwarding logic
– return NACK/no-route if interest cannot be forwarded
If LINK present
– (if router chooses so) verify validity of the link
– if LINK includes name of the “own network”
    – apply standard NDN interest forwarding logic
– Lookup LINK delegations in FIB, select “best”, and forward

Example of Interest Forwarding
/net/ndnsim is registered with UCLA CS router
FIB: /ucla/cs/www, /ucla/cs/..., /net/ndnsim, default

Example of Interest Forwarding
FIB: /telia 100, /ucla 10
/net/ndnsim/www/index.html + /net/ndnsim/www =>
- /ucla/cs, 1
- /telia/terabits, 1

Example of Interest Forwarding
FIB: /ucla/cs/www, /ucla/cs/..., /net/ndnsim, default
/net/ndnsim/www/index.html + /net/ndnsim/www =>
- /ucla/cs, 1
- /telia/terabits, 1
Own Network: /ucla/cs

“Own Network” Concept
Routers need to know to which network(s) they belong
– configuration
– automatic discovery
Until interest reaches “own” network
– can be satisfied from cache based on name of the interest
– forwarded strictly using LINK, even if interest name is in the forwarding table
    – need to allow /ucla/cs/alex/homepage to be hosted outside UCLA
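The forwarding rules from the “Updated Interest Forwarding” and “Own Network” slides, worked through as an added example that is not code from the slides or from NFD. Assumptions: FIB numbers are route costs where the lowest wins, ties fall to the lowest delegation preference, an own-network match means the router's network name is a prefix of a delegation, LINK signature verification is left out, and the `/dfz/example` and `/other` network names and the UCLA CS FIB costs are constructed.

```python
def comps(name):
    """Split an NDN name into components; "/" (default route) gives ()."""
    return tuple(c for c in name.split("/") if c)

def is_prefix(prefix, name):
    p = comps(prefix)
    return comps(name)[:len(p)] == p

def fib_lookup(fib, name):
    """Longest-prefix match over {prefix: cost}; returns (prefix, cost) or None."""
    hits = [(p, c) for p, c in fib.items() if is_prefix(p, name)]
    return max(hits, key=lambda h: len(comps(h[0])), default=None)

def forward(name, link, fib, own_networks):
    """One router's decision for an Interest; link is [(delegation, pref)] or None.
    Returns (action, fib_prefix_or_reason, selected_delegation)."""
    if link and not any(is_prefix(own, d) for d, _ in link for own in own_networks):
        # Not in the own network yet: forward strictly by LINK,
        # even if the Interest name itself has a FIB entry.
        options = []
        for deleg, pref in link:
            hit = fib_lookup(fib, deleg)
            if hit:
                options.append((hit[1], pref, deleg, hit[0]))
        if not options:
            return ("nack", "no-route", None)
        _, _, deleg, via = min(options)  # assumption: lowest cost, then lowest pref
        return ("forward", via, deleg)   # deleg is what SelectedDelegation would record
    # No LINK, or LINK names our own network: standard forwarding by Interest name.
    hit = fib_lookup(fib, name)
    return ("forward", hit[0], None) if hit else ("nack", "no-route", None)

# Constructed inputs modelled on the example slides.
INTEREST = "/net/ndnsim/www/index.html"
LINK = [("/ucla/cs", 1), ("/telia/terabits", 1)]
DFZ_FIB = {"/telia": 100, "/ucla": 10}
UCLA_CS_FIB = {"/ucla/cs/www": 1, "/net/ndnsim": 1, "/": 50}  # costs constructed

def demo():
    return [
        forward(INTEREST, None, DFZ_FIB, ["/dfz/example"]),  # no LINK in the DFZ
        forward(INTEREST, LINK, DFZ_FIB, ["/dfz/example"]),  # LINK guides the DFZ router
        forward(INTEREST, LINK, UCLA_CS_FIB, ["/ucla/cs"]),  # own network reached
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```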

Processing Optimization
When LINK present and router makes forwarding decision based on non-default route
– decision can be recorded and upstream routers can just use it
    – “SelectedDelegation”

Effects on Caches
Resiliency to content poisoning
– When a data packet is cached, it must be associated with the LINK that was used
– For an interest to match a cached item, both name and LINK must match
    – Even when routers don’t verify LINKs, maliciously injected data does not affect legitimate users
Cache effectiveness
– “Normally” there is a single legitimate LINK
    – No change to cache effectiveness
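The cache rule above, shown as an added example (not from the slides or from NFD) that contrasts a name-only cache with one keyed on name plus LINK. Assumptions: a LINK is modelled as a list of (delegation, preference) pairs identified by a SHA-256 digest, names match exactly, and `/rogue/net` is a hypothetical delegation the namespace owner never endorsed.

```python
import hashlib

def link_digest(link):
    """Stable identifier for a LINK, or None when the Interest carried none.
    Assumption: a real router would key on the signed LINK object it received."""
    if not link:
        return None
    canon = ";".join(f"{name},{pref}" for name, pref in sorted(link))
    return hashlib.sha256(canon.encode()).hexdigest()

class ContentStore:
    """Exact-name cache. bind_link=False is the name-only behaviour, shown for
    contrast; bind_link=True keys every entry on (name, LINK)."""
    def __init__(self, bind_link):
        self.bind_link = bind_link
        self.entries = {}

    def _key(self, name, link):
        return (name, link_digest(link) if self.bind_link else None)

    def insert(self, name, link, content):
        self.entries[self._key(name, link)] = content

    def lookup(self, name, link):
        return self.entries.get(self._key(name, link))

# Constructed scenario: Data fetched under a forged LINK reaches the cache,
# then a consumer holding the owner's LINK asks for the same name.
NAME = "/net/ndnsim/www/index.html"
OWNER_LINK = [("/ucla/cs", 1), ("/telia/terabits", 1)]
FORGED_LINK = [("/rogue/net", 1)]  # hypothetical, not endorsed by the owner

def replay(bind_link):
    cs = ContentStore(bind_link)
    cs.insert(NAME, FORGED_LINK, b"bogus")    # cached via the forged LINK
    first = cs.lookup(NAME, OWNER_LINK)       # legitimate consumer's first request
    cs.insert(NAME, OWNER_LINK, b"genuine")   # Data later fetched via the owner's LINK
    return first, cs.lookup(NAME, OWNER_LINK), cs.lookup(NAME, FORGED_LINK)

if __name__ == "__main__":
    print("name only :", replay(False))
    print("name+LINK :", replay(True))
```

With the LINK in the key, the legitimate consumer's first request is a cache miss rather than a hit on the injected Data, and the two entries never overwrite each other.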

Tradeoffs for the Updated Forwarding
Gains
– Routing table is under control
– Routers make conscious decisions on where to forward interest
Issues
– increased complexity
    – per-interest processing
    – multiple FIB lookups

Thanks