Network Support for Sharing

2 CABO: Concurrent Architectures are Better than One
No single set of protocols or functions
– Different applications with different needs
– Multiple parties offering end-to-end services
Instead, multiple networks in parallel
– Virtual networks on a common substrate
– Customization of the network functions

3 Separate Infrastructure from Service
Infrastructure: physical infrastructure needed to build networks
Service: slices of physical infrastructure from one or more providers
The same entity may sometimes play these two roles.

4 CABO as a New Architecture
Virtualization
– Multiple logical routers on shared hardware
– Resource isolation in CPU, FIBs, and bandwidth
Programmability
– General-purpose CPUs for control & manipulation
– Network processors & FPGAs for fast forwarding
Economic refactoring
– Infrastructure provider: manage routers and links
– Service provider: offer end-to-end services

5 VINI/Trellis Deployment Platform
Lightweight containers on a single OS
Each virtual host sees virtual Ethernet links
Packet forwarding and traffic shaping remain outside of the container

Network Support for Accountability

7 Internet Accountability
What is it?
Mechanisms to identify, isolate, punish bad behavior
Distinct from accounting (cf. original Clark design goals)
Why might the network need to support it?
Attacks on the routing system
Control over traffic
Tracking and mitigating malice
– Spam
– Botnets
– Phishing

8 Facets of Internet Accountability
Source: defense against address forgery
Data-plane: identify faulty network elements
Control-plane: identify forged routing messages
Recourse to avoid faulty or malicious elements
– Scalable network support for path diversity
– Better mechanisms to curtail unwanted traffic

9 AIP: Accountable IP
Refactoring of Internet addresses: AD:EID
– AD: The autonomous domain of the host
– EID: A globally unique endpoint identifier
Addresses are self-certifying
Why change addressing?
– Forms the cornerstone of routing, forwarding, identity
– Current address structure makes existing mechanisms clumsy
– New structure retains simplicity at the network layer and above
[Figure: an AIP address AD:EID. AD is the hash of the autonomous domain's public key; EID is a globally valid endpoint identifier (cf. IPv6 CGA, HIP, etc.)]

10 Source Accountability
Problem: Sources can forge IP addresses
– Can complete three-way handshakes (LAN spoofing)
Why it matters: Complicates filtering, blacklisting.
– Spam campaigns regularly have 70% fresh IP addresses
Solution: Self-certification + Challenge/Response
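The self-certifying address from slide 9 and the challenge/response check from slide 10, as an added example that is not the AIP authors' code or the deck's own. It assumes Ed25519 key pairs, full SHA-256 hashes of the raw public keys as AD and EID, and hex encoding; real AIP uses a different hash length and encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// AIPAddress is the AD:EID pair from the AIP slide. Both halves are hashes of public
// keys, so whoever holds the matching private key can prove ownership of the address
// with no external registry. Full SHA-256 over the raw key is this example's choice.
type AIPAddress struct {
	AD  string // hash of the autonomous domain's public key
	EID string // hash of the host's public key
}

func keyHash(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// NewAIPAddress derives the self-certifying address from the two public keys.
func NewAIPAddress(adPub, hostPub ed25519.PublicKey) AIPAddress {
	return AIPAddress{AD: keyHash(adPub), EID: keyHash(hostPub)}
}

// Challenge produces a fresh nonce that the claimed source must sign, so a
// recorded response cannot be replayed against a later challenge.
func Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Respond is the source side: sign the nonce with the key behind the EID.
func Respond(hostPriv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(hostPriv, nonce)
}

// VerifySource is the check a first-hop router or receiver performs. Anyone can write
// an AD:EID into a packet, but only the key that hashes to the EID can sign the nonce.
func VerifySource(claimed AIPAddress, hostPub ed25519.PublicKey, nonce, sig []byte) bool {
	if keyHash(hostPub) != claimed.EID {
		return false
	}
	return ed25519.Verify(hostPub, nonce, sig)
}
```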

11 Control-Plane Accountability
Problem: Routing messages can be forged
Why it matters:
– Misconfiguration: AS 7007, ConEdison route leak
– Malice: Spammers stealing address space
Solution: S-BGP-style attestations + self-cert
– Interdomain routing and forwarding is on ADs
– The AD is the public key and the address
– Eliminates the need for a mapping between IP address space and organizations

12 Data-Plane Accountability
Problem: Network elements drop packets, fail, and otherwise give rise to poor performance
One Solution: In-Band Path Diagnosis
Method Overview
Routers keep track of number of packets seen per flow
Each router stamps each packet with current flow counter value
If current counter value does not equal router's expected packet count for that flow, router marks packet
[Figure: packet layout with IP header, new shim header, transport header]
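A simulation of the in-band path diagnosis method above, added here as an example rather than code from the deck or the In-Band Path Diagnosis project. Router, Packet, FlowID and the dropEvery fault are this example's own constructs; the resync after a mark is an assumption not stated on the slide.

```go
package main

// FlowID stands in for the 5-tuple a real router would key its counters on.
type FlowID string

// Packet models the slide's shim header: Stamp is the flow counter written by the
// previous hop (0 = fresh from the source); MarkedAt names the router that saw a gap.
type Packet struct{ Flow FlowID; Stamp int; MarkedAt string }

// Router keeps the per-flow packet count from the slide. dropEvery is a constructed
// fault for this demo: drop every Nth packet of a flow (0 = healthy router).
type Router struct{ Name string; dropEvery int; seen map[FlowID]int }

func NewRouter(name string, dropEvery int) *Router {
	return &Router{Name: name, dropEvery: dropEvery, seen: map[FlowID]int{}}
}

// Forward counts the packet, compares the upstream stamp with the local count and
// marks the packet on a mismatch, re-stamps it, and reports whether it was forwarded.
func (r *Router) Forward(p *Packet) bool {
	r.seen[p.Flow]++
	if p.Stamp != 0 && p.Stamp != r.seen[p.Flow] && p.MarkedAt == "" {
		p.MarkedAt = r.Name      // packets went missing between the previous hop and here
		r.seen[p.Flow] = p.Stamp // assumption: resync so one loss yields one mark
	}
	p.Stamp = r.seen[p.Flow]
	return r.dropEvery == 0 || r.seen[p.Flow]%r.dropEvery != 0
}

// SendFlow pushes n packets of one flow along path and returns the ones that
// arrived, each carrying the name of the router that marked it, if any.
func SendFlow(path []*Router, flow FlowID, n int) []*Packet {
	var out []*Packet
	for i := 0; i < n; i++ {
		p, ok := &Packet{Flow: flow}, true
		for j := 0; ok && j < len(path); j++ {
			ok = path[j].Forward(p)
		}
		if ok {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// Constructed path: r2 silently drops every third packet of the flow.
	got := SendFlow([]*Router{NewRouter("r1", 0), NewRouter("r2", 3), NewRouter("r3", 0)}, "flowA", 6)
	println(len(got), got[2].MarkedAt) // 4 r3: the gap is noticed at the hop after the faulty one
}
```

The mark localizes the loss to the link or router just upstream of the marking router, which is the information an operator needs to narrow down a silently failing element.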