1 The XIA Future Internet Architecture and its Testbed-based Evaluation Peter Steenkiste, Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang Carnegie Mellon University John Byers, Boston University Bruce Maggs, Duke Aditya Akella, University of Wisconsin

What is XIA? Software prototype Usage scenarios, testbed/experiment plan 2

Problems with the IP Narrow Waist Security – no support built into the network (IP) – DOS attacks, address spoofing, routing attacks, … New usage models add complexity, overhead – Content, service networking require a level of indirection Adding functionality in the network is difficult – IPv6, multicast, caching, “transparent” middleboxes,.. Evolvability Applications Link Technologies

XIA Ideas: Multiple Principal Types Associated with different forwarding semantics – Support heterogeneity in usage and deployment models Hosts XIDs support host-based communication – who? Service XIDs allow the network to route to possibly replicated services – what does it do? – LAN services access, WAN replication, … Content XIDs allow network to retrieve content from “anywhere” – what is it? – Opportunistic caches, CDNs, … Set of principal types can evolve over time 4

XIA Ideas: Fallbacks and DAGs Introduction of a new principal type will be incremental – no “flag day”! NID:HID 5 XIA: intent and fallback address – Intent allows the network to optimize based on user intent – Fallback: guaranteed to be reachable, used if the intent “fails” – Encoded using DAGs CID …. NID:HID …. Payload Dest Src CID S Source networkInternet Destination network HID S Cache NID S

XIA Ideas: Intrinsic Security XIA uses self-certifying identifiers that guarantee security properties for communication operation – Host ID is a hash of its public key – accountability (AIP) – Content ID is a hash of the content – correctness – Does not rely on external configurations Intrinsic security is specific to the principal type: – Content XID: content is correct – Service XID: the right service provided content – Host XID: content was delivered from right host 6

Open Source XIA Release XIA Prototype released in May 2012 – Includes full XIA protocol stack, SID/CID support, utilities Being used to support evaluation, applications, services New functionality is being added regularly 7 Datalink XIA XDPXSP XChunkP Cache Chunking Xsockets Applications XHCP XCMP ARP BIND Routing

Prototype Features Full host and router protocol stack SDN-based control plane supporting routing for SIDs, HIDs, CIDs Inter domain routing for NIDs Anycast for SIDs Support for intrinsic security Mobility for new/active sessions 8

Compatibility Library XIA changes socket API – Changing apps painful Idea: apps continue to use IP addresses but they are used as IDs for an XIA address – (IP, socket) -> XIA DAG – Think: per host NAT Mapping service keeps mappings consistent Works really well – E.g., ported Firefox XIA Protocol Stack XIA Xsockets GLIBC Kernel Wrapper Application “IP as ID” sockets

Experimental Evaluation of FIAs Experiment requirements are very diverse! – Focus on core versus edge, control vs data vs both – Differences in requirements for scale, realism of topology, richness of domains, realism cross-traffic,.. – Geographic diversity is often important Shared devices/links are often fine 10

Classes of Experiments Edge centric experiments – Mobility, vehicular use case, caching, anycast, … – Need many edge networks; core can be simplified Core centric experiments – Evolvable routing, new routing protocols (e.g., Scion, BGP extensions), Internet scale trust management, … – Realistic core topology: customer-provider/peer links, many core domains; edge can be simple Some experiment stress core + edge: video distr. – Diverse edge networks: clients, CDNs, brokers, … – Core network routing and bottlenecks play big role as well 11

Large Scale Video Distribution A Video Control Plane Use XIA control and data plane to optimize and simplify video distribution with high QoE – Numbers of individual entities, and control desired, vary Will use XIA control plane and data plane features Player ISPsCDNs Content Broker Monitoring Analysis and Optimization QoE …. System Control

Extreme Mobility: Vehicular XIA Networking Support for high-speed mobility Use of SIDs and CIDs to improve efficiency Fast authentication and handoff 13

Testbed Deployment Plan Permanent XIA deployment consisting of: – Edge networks at XIA sites and simple GENI backbone – Pieces are being put in place – Must expand on-demand for specific experiments More edge and transit domains based on need Gain experience in running XIA networks, experiment with (limited versions) of two use-cases – Explore richer inter-domain experiment support in the future 14 Duke CMU BU Wisc Other Transit Edge

“Narrow Waist” of the Internet Key to its Success Has allowed Internet to grow and evolve dramatically in the last 40 years Adoption throughout society – E-commerce, social networks, cyber-physical, … Transformation usage models – Host-based → content, services Revoluti on in infrastructure – Kilobits/sec -> Terabits/sec – Copper -> fiber + wireless Applications Internet Protocol Link Technologies

Service ID: Nearest Instance Content ID: From Anywhere XIA Example: Retrieving Content 16 Service SID CID Host HID SID CID Content CID Content CID Content CID Content CID Content CID Content CID Content CID Service SID Service SID Host HID SID Host HID ID choice involves tradeoffs: Control Efficiency Trust Privacy Host ID: Same as Today

XIA Dataplane Concepts Intrinsic Security Flexible Addressing Multiple Communicating Principal Types Deal with routing “failures”Built in security forms basis for system level security Directly support diverse network usage models Evolution of principal types Customization Principal-specific security properties DAG security

Combining intent and fallback using DAGs offers flexibility for network in completing request – Also supports scoping Flexible Addressing: DAGs 19 CID S Source networkInternet Destination network HID S Cache NID S NID:HID CID …. NID:HID …. Payload Dest Src

XIA Dataplane Concepts Intrinsic Security Flexible Addressing Multiple Communicating Principal Types Deal with routing “failures”Built in security forms basis for system level security Directly support diverse network usage models

Porting Applications to XIA XIA modifies the socket API – Different address class: AF_XIA instead of AF_INET – Chunk-based communication: CID GET and PUT – Send/receive calls for byte steams and datagrams are similar to those for IP, but … – Lots of IP/TCP specific details, e.g., options Porting IP applications turned out to be exceedingly labor intensive and error prone – Well over 100 calls are used for network communications 21