Presentation is loading. Please wait.

Presentation is loading. Please wait.

Naming 15-744 Dave Andersen. Lecture warning ● Think “lots of in-class paper discussion” today.

Published byPaulina Baker Modified over 7 years ago

Similar presentations

Presentation on theme: "Naming 15-744 Dave Andersen. Lecture warning ● Think “lots of in-class paper discussion” today."— Presentation transcript:

1 Naming 15-744 Dave Andersen

2 Lecture warning ● Think “lots of in-class paper discussion” today

3 Re-thinking Naming and Binding ● One of the fundamental aspects of network architecture: How do you name services and endpoints? ● Today: IP addresses (hierarchical topological identifiers) and DNS names (hierarchical human-readable names). – Loose binding between the two ● What properties might we want in names?

4 Scope ● Global scope / validity / reachability – Why? Transitive use. A says to B “for a good time, call C”. Only works if A and B see the same name for C. ● Real world example: p2p routing and searching ● contacting hosts behind NATs ● Note distinction between a NAT and a firewall, though they actually couple the two

5 Coupling ● Is the “name” involved in every packet, or is it resolved once into an IP address? – DNS -> IP once – Consequences: ● Efficient! Naming gets out of the way ● Loses control after connection establishment – Can't do Mobile IP by just changing DNS names

6 Control, Timescales, Granularity ● Who can update a name binding? ● What's the timescale of updates? ● What's the granularity of naming? ● Old DNS: – DNS admin; human; one or a few machines ● Dynamic DNS – Owner of machine; seconds?; one or a few machines

7 Context ● “Middleboxes” -- NATs, firewalls, etc. – Fragmented address space (lots of hosts in private space) – No inbound connections – May interpose on actual communication (and restrict or break it accidentally) ● Tough evolution – IP is popular: blessing and curse! – One change to make future change easier?

8 DHT reminder ● i3 and DOA both suppose the existence of a flat name resolution architecture – Massive scale (billions of entries) – Fast, Scalable, secure, cost effective... ● DHTs suggest that we can build such an infrastructure (networking sci-fi...), but – Serious security challenges ● Malicious participants, secure node ID assignment, dropping messages... – Let's forget about them for today!

9 Flat names? – No semantic meaning: 160 bit numbers – No hierarchy ● Nice: Doesn't restrict things it names ● Doesn't have DNS-like politics – Assumption: The infrastructure exists ● And is funded, etc., etc. – But: ● Not very user-friendly (probably still want DNS... or Google) ● Sacrifice locality

10 Self-Certifying Names ● Common combination: – Flat naming – Self-certifying naming ● Self-foo? – ID = Hash(Public Key) – Can verify ● Ownership, uniqueness, etc. ● With no external infrastructure binding ID->Key ● DOA uses, i3 doesn't (no apparent reason)

11 i3: Rendezvous-based ● Tightly coupled: resolve “name” on every packet. – Think back to Mobile IP discussion ● Some extra tricks that we'll talk about in a second

12 DOA: Delegation ● Two parts, really: – A HIP-like (host identity protocol) Endpoint ID (EID) mechanism ● Globally unique ● Resolution infrastructure resolves EID -> IP – Other cool stuff for delegating ● Major difference: i3 sits on every packet – Fundamental? trade: Can do more to ongoing connections, increases stretch

13 Delegation & Stacks ● Fundamentally different thing: – Stacks of addresses ● Resolve nameA -> nameB -> nameC -> EID ● i3 throws in a twist: – NameA -> {B, C}... ● (Note that these are used in other contexts and previous systems, but these systems integrate them nicely with Internet. MPLS at below-IP layer.)

14 Off-Path Firewalls

15 Globally Unique Identifiers for Hosts Location-independent, flat, big namespace Hash of a public key These are called EIDs (e.g., 0xf12abc…) Carried in packets DOA hdr IP hdr transport hdr body source EID destination EID Slide Credit: Michael Walfish

16

17 Off-path Firewall: Benefits Simplification for end-users who want it  Instead of a set of rules, one rule:  “Was this packet vetted by my FW provider?” Firewall can be anywhere, leading to:  Third-party service providers  Possible market for such services  Providers keeping abreast of new applications Note: Many things that DOA enables can be done in other ways. Goal is a unified mechanism. (slide: mostly walfish)

18 DOA and i3 can... ● Service composition – Dave -> { transcoding proxy, Dave's EID } – Transcoding: Transformation and encoding changes, e.g., downsample images for handheld

19 i3: Dealing with Interposition ● Aggressive caching of DHT nodes – Only do log(N) hops on first lookup; 1-indirect after ● An i3 node must be on path to have all of the i3 benefits – Private triggers – Like picking an EID for a connection – Goal: Reduced stretch (could even do RON-like tricks)

20 Mobility via Interposition ● Mobility – Easy! Update trigger ● Like mobile IP, really, but with ability to negotiate an intermediary near the path\

21 i3 multicast ● All members register trigger with same id – (security?) ● For scale, must use a hierarchy of triggers – (a -> {b,m} b->{c,z}... ) – Getting it right is pretty complicated – But it's a cool primitive to think about ● Anycast

22 So? ● Flat naming is an interesting hammer – Very worthwhile exercise to consider, even if not adopted ● Many serious challenges were one to really use i3: security, real usability, the real costs of all that indirection... ● Fewer with DOA, but many of the same security issues ● Worth it?

Download ppt "Naming 15-744 Dave Andersen. Lecture warning ● Think “lots of in-class paper discussion” today."

Similar presentations

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
Internet Indirection Infrastructure (i3 ) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002 Presented by:

Internet Indirection Infrastructure (i3 ) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002 Presented by:
Internet Area IPv6 Multi-Addressing, Locators and Paths.

Internet Area IPv6 Multi-Addressing, Locators and Paths.
Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan, Robert Morris, and Scott Shenker * 7 December 2004 MIT Computer Science and AI Lab.

Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan, Robert Morris, and Scott Shenker * 7 December 2004 MIT Computer Science and AI Lab.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
IPv6 at NCAR 8/28/2002. Overview What is IPv6? What’s wrong with IPv4? Features of IPv6 IPv6 will soon be available at NCAR How to use IPv6.

IPv6 at NCAR 8/28/2002. Overview What is IPv6? What’s wrong with IPv4? Features of IPv6 IPv6 will soon be available at NCAR How to use IPv6.
124.09.2012 1 Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)

Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
An Engineering Approach to Computer Networking

An Engineering Approach to Computer Networking
Internet Indirection Infrastructure Ion Stoica and many others… UC Berkeley.

Internet Indirection Infrastructure Ion Stoica and many others… UC Berkeley.
10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.

10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.
Rethink the design of the Internet CSCI 780, Fall 2005.

Rethink the design of the Internet CSCI 780, Fall 2005.
CS 268: Project Suggestions Ion Stoica February 6, 2003.

CS 268: Project Suggestions Ion Stoica February 6, 2003.
Indirection Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm Slides.

Indirection Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm Slides.
Internet Indirection Infrastructure (i3) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002.

Internet Indirection Infrastructure (i3) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002.
Towards a New Naming Architectures

Towards a New Naming Architectures
A Layered Naming Architecture for the Internet Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, Michael Walfish.

A Layered Naming Architecture for the Internet Hari Balakrishnan, Karthik Lakshminarayanan, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, Michael Walfish.
Network Layer (3). Node lookup in p2p networks Section 5.2.11 in the textbook. In a p2p network, each node may provide some kind of service for other.

Network Layer (3). Node lookup in p2p networks Section in the textbook. In a p2p network, each node may provide some kind of service for other.
Information-Centric Networks07a-1 Week 7 / Paper 1 Internet Indirection Infrastructure –Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh.

Information-Centric Networks07a-1 Week 7 / Paper 1 Internet Indirection Infrastructure –Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh.

Similar presentations

Ads by Google