Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cracking of wireless networks wikipedia , lookup
Computer network wikipedia , lookup
Deep packet inspection wikipedia , lookup
Distributed operating system wikipedia , lookup
Backpressure routing wikipedia , lookup
Airborne Networking wikipedia , lookup
IEEE 802.1aq wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
WING PreDA: Predicate Routing for DTN Architectures over MANET The Web and InterNetworking Group Flavio Esposito [email protected] Abstract Ibrahim Matta [email protected] Predicate Routing in Action on Our UML Testbed Data [MB] e.g., direct all images captured by the camera on node S !"#$ !!!"#$%&'()$!*+,)&-.!/"0 to DTNNetwork node I (DTN) for pre-processing authorization before 1.4 We consider a Delay Tolerant whose usersand (nodes) are connected by an underlying Mobile 34+ Summary of Contributions sending them to the user at node D. !"#$%&'&(&)*&$+,-.&,&)/0/12) 1.2 Ad hoc Network (MANET) substrate. Users can declaratively express high-level policy constraints on how From the network point of view, the predicate is a set of “content” should be routed. For example, content can be directed through an intermediary DTN node 3+-4$#.$-'$!5(6$# 1 rules that each MANET packet has to satisfy. Our system 0.8 • We provide a reliable DTN neighbor discovery for the purposes of preprocessing, authentication, etc., or content from a malicious MANET node can be "<4 !"# maps declarative user policies to such network-level routing 0.6 mechanism that leverages AODV’s HELLO mesdropped. To support such content routing at the DTN level, we implement Predicate Routing [1] where )2:& predicates. Predicates get propagated and installed as MANET0.4 !!!!!!!"#$%&'()$!*+,)&-.!1,22+#)!3+%$!!! ! sages to propagate DTN node names. The converhigh-level constraints level of DTN nodes are mapped into low-level predicates the MANET forwarding rules. Any DTN node canrouting inject, from the within 0.2 93#=" $56&($7-0*&$ gence layer of the DTN stack then maintains the application level, aarchitecture routing rule with that gets translated nodes. Our testbed uses a Linux system Userseamlessly Mode Linux to emulate )2:& every DTN node 0 0 100 200 300 400 500 mappings from DTN node names to IP (MANET) intoImplementation a MANET-levelcode. rule,Inenabling new MANET prototype, routing Time [s] with a DTN Reference our initial architecture we use the On De8&()&.$92:;.&6 node addresses (Figure 1 and 2). mand Distance Vector instructions. (AODV) routing protocol at the MANET level. We use the network simulator ns-2 Figure 4: Data delivered at the destination vs. We next show two examples (Tables I and II) of routing (ns-emulation version) to simulate the wireless connectivity of both DTN and MANET nodes. Preliminary • In addition to DTN node names, AODV’s HELLO Fig. 1. Architecture of a DTN node running over a MANET substrate. The time for 2% packet loss probability. predicates. results show the efficient and correct operation of propagating routing predicates. For theis application of (PR) enabled. 2.5 2.5 node Predicate Routing messages are also used to propagate low-level 2.5 content re-routing through an intermediary, as a side effect, results demonstrate thepoint performance of From the network of view, benefit the predicate is a set of MANET routing predicates (Figure 3). These !"#$ 2 Drop Predicate #1 Inserted !!!"#$%&'()$!*+,)&-.!/"0 A. Predicate Examples 2 rules that each MANET packet has to satisfy. Our system Drop Predicate #1 Inserted 50 content re-routing that dynamically (on-demand) breaks the underlying end-to-end TCP connections into 34+ latter predicates are mapped by the convergence 2 Predicate #1 Inserted DropDrop Predicate #1 Inserted maps declarative user policies to such network-level routing !"#$%&'&(&)*&$+,-.&,&)/0/12) B. PreDA Advantages shorter-length TCP connections. layer from given DTN-level requirements on routConsider the injection of two predicates as in Table I. The Drop Predicate #1 Removed 45 Drop Predicate #1 Removed predicates. Predicates get propagated and installed as MANET-1.5 1.5 Predicate #1 Removed DropDrop Predicate #1 Removed 1.5 3+-4$#.$-'$!5(6$# objective of these two rules is to re-direct the traffic destined to ing content. level forwarding rules. Any Our DTNPreDA node can inject, from the cooperation between architecture enables the Drop Predicate #2 Inserted Drop Predicate #2 Inserted 40 a node D to an intermediate DTN nodeapplication I for authentication or DTN Drop Predicate #2 Inserted level, a routing rule that gets seamlessly translated 1 overlay and the underlying network. This cooperation 1 Drop Predicate #2 Inserted "<4 • As !"# a proof of concept, we implemented our architec1 into MANET-level enabling MANET routing from the MANET level, Drop Predicate #2 Removed pre-processing. The first rule directs all dataa destined to noderule,includes (i) new gathering information Drop Predicate #2 Removed )2:& 35 ture on our UML based testbed [3] that simulates a Drop Predicate #2 Removed instructions. D but not yet pre-screened at node I to node I. Notice that if (ii) applying data mining techniques !!!!!!!"#$%&'()$!*+,)&-.!1,22+#)!3+%$!!! ! Drop Predicate #2 Removed 0.5 0.5 at the DTN level, and DTN Predicate Routing 0.5 network of emulated DTN-MANET nodes as well Drop ifDrop source DTNis#4DTN #4 the API destination node 93#=" if is source 30the DTN overlay, We the nextintermediate show two examples (Tables I and II) of routing API D is in the path to reach (iii) declaratively generating rules from $56&($7-0*&$ Drop if0.08 source is DTN 0.1 #6DTN #6 0.01 0.02 0.03 0.04 0.05 0.06 0.07 Drop source Drop ifif0.09 source isis DTN #4 )2:& DTN Reference Implementation node I, then node D forwards the MANET packets matching as MANET-only nodes. The wireless connectivity Packet Loss Probability predicates. Bundle Daemon (dtnd) 0 Drop if source is DTN #6 thus facilitating general-purpose 0260network applications. For 270 280 290 300 310 320 330 260 270 280 290 300 310 320 330 Time (s) 0 Time (s) 8&()&.$92:;.&6 Convergence this ruleLayer without reassembling the associated data message for example, a DTN network could use trust-based 260 270 280 290 300 and mobility of nodes are simulated using the ns approaches to 310 320 330 Time (s) Bundle Router Figure 5: Percentage improvement in data delivery Application LibraryExamples (API) pre-screening. A. Predicate TCP collect trust information and generate rules as in Table II, or a simulator (ns-emulation version). The emulation DTN time vs. packet loss probability with 95% confidence node The second predicate ensures that pre-screened data coming sensed signal coming from a node can trigger the generation Predicate Routing Support Code usesThe UML (User Mode Linux) to run real DTN TCP UDP ... as in Table I. The2.5 Fig. 1. Architecture of a DTN node running over a MANET substrate. Consider the injection of two predicates 2.5 ... dtnsecrecv destinainterval when an authentication predicate is injected. from the intermediate DTN node I, dtnsend reach the original node ispurpose Predicate Routing (PR) enabled. 2.5 MANET of new routing predicates (rules) for the of energy Convergence Layers objective of these two rules is to re-direct traffic destined to a User Space (reference implementation) and MANET (AODV 2.5 2.5 node tion D. Note that if nodes (S, I and D) areApplications DTN nodes, then, saving, 2.5 load Ibalancing or packetorprocessing. 2 Servernode Libraries Drop Predicate #1 Inserted node D to an intermediate DTN for authentication routing) code. Kernel Modules 2 Drop Predicate #1 Inserted predicate overrides the normal DTN routing process. In partic2 Drop Predicate #1 Inserted pre-processing. The first rule directs all data destined to node 2 2 Predicate #1 Inserted DropDrop Predicate #1 Inserted 2 III. O VERALL A RCHITECTURE ular, node I, not recognizing itself as the destination, would Drop Predicate #1 Removed • We present throughput results showing the efficient D 2: butArchitecture not yet pre-screened at nodeimplementation. I to node I. Notice that if1.5 and (iii) declaratively Figure of the DTN reference generating routing rules from the DTN Drop Predicate #1 Removed 1.5 Drop Predicate #1 Removed Figure 1: Architecture of ahave PreDAdirected enabled DTN node running received bundles toTheDmodules without preprocessing. 1.5 the destination node D is in the path to reach the intermediate enabling PreDA are markedFigure with a “1 star ” . and correct operation of propagating routing predoverlay, thus facilitating general-purpose network applications. Drop Predicate #1 Removed shows the DTN-MANET 1.5stack—our modifiedDropDrop and 1.5 1.5 Predicate Removed Predicate #2#1 Inserted over a MANET substrate. In the stack modified and added supportsnode I, then node at Dthe forwards the MANET packets matching 1 For example, a DTNDropnetwork Thus, our our PreDA architecture predicate routing could use trust-based approaches Predicate #2 Inserted added components are marked by 1“stars.” Drop Predicate #2 Inserted icates. We demonstrate two applications. The first Drop Predicate #2 Inserted this rule without reassembling the associated data message for to components are marked by “DTN stars.”level as well. 1 1 Drop Predicateand #2 Inserted collect trust information generate routing rules as in 1 Drop Predicate #2 Removed The block named Application Programming Interface (API) 1 application re-directs content to an intermediary pre-screening. Table II, or a sensed signal coming from a node can trigger Drop Predicate #2 Removed Drop Predicate #2 Removed 0.5 Declarative approaches have been widely discussed as clean-slate alternative to routing or transport protocols Our work is of [1, the2].DTN reference implementation is extended to allow Drop Predicate #2 Removed 0.5 node for pre-processing (Example 2, Figure 4 Drop Predicate #2 Removed 0.5 the generation of new routing predicates (rules) for the purpose Predicate Action 0.5 The second predicate ensures that pre-screened data comDrop if source is DTN #4 0.5 the first to enable declarative routing into a DTN architecture overlayed over a MANET substrate. to inject high-level requirements applications or constraints. 0.5 Dropififsource sourceisisDTN DTN#4 #6 Drop saving, load balancing src = ¬I ∧ dest= D ing to I from the intermediate DTN node I, reach the original of energy Drop ifor sourcedata is DTN #4processing. and 5). We also demonstrate the correct operaDrop if source is DTN #4 0 0 Drop if source is DTN #6 Drop ifif source is #6 280 290 300310 310 320320 We refer to this modification as Predicate Routing API (PRDrop source is DTN DTN #4#6 260 270 260 280270 290 300 330 Drop if330 source is DTN src = I ∧ dest= D to D destination D. Note that if nodes (S, I and D) are DTN0260 0260 2700 270 280 280 290 290Time300(s)Time [s] if source DTN #6 tion of a second application where a malicious node 310 310 320 Drop 330 is 300 320 330 260 270 280 290 300 310 320 330 API). Time (s) TimeTime (s) nodes, then these predicates override the normal DTN routing 0260 III. O VERALL A 320 RCHITECTURE 270 280 290 300 (s) 310 330 is isolated by dropping all its packets (Example Time (s) The Predicate Routing Support Code (PRSC) component, TABLE I Figure 6: Throughput drops and resumes after the process. In particular, under normal DTN routing, node I, D IRECT ALL D- TRAFFIC TO AN INTERMEDIATE DTN NODE I itself FOR 1, Figure 6). implemented in the routing protocol user space, mainly impleFigure 1 shows the DTN-MANET stack—our modified not recognizing as the destination, would have directed “ dropping ” predicates propagate and are removed. A depicted PreDA packet together with the DTNAUTHENTICATION neighbor discovery extension packet are attached with CONTENT . andiptables added Linux components received bundles to D without preprocessing. Thus, our ments two functionalities: (1)PreDA it uses the facilityare marked by “stars.” the HELLO message. Predicate info are disseminated together with DTN EID of newly discovered nodes, architecture supports predicate at the DTN level routing as [9] torouting install predicate MANET rules, soblock that MANET The named Application Programming Interface their MANET address, and their distance in hops to every other well. node in the network.packets carrying content —IP packets or DTN (API) of thebundle(s)— DTN reference implementation is extended to 0 78 15 16 23 24 32 are routed based constraints, and to (2)inject it high-level routing requirements or allow applications Predicate Action on DTN-level routing [1] Timothy Roscoe, Steven Hand, Rebecca Isaacs, Richard Mortier, and Paul W. Jardetzky. Predicate Routing: Enabling Controlled Predicate Action Predicate constraints. We referother to this modification as Predicate Routing Type = 15 Length Flags new routing extensions to discover src = ¬I ∧creates dest= Dand manages to I Type Networking. Computer Communication Review, 33(1):65–70, 2003. src = ¬W ∧ dest= D drop API (PR-API). IP address src = I ∧DTN dest= nodes D to D propagate MANET routing and predicates. [2] Eiko Yoneki and Jon Crowcroft. Towards Data-Driven Declarative Networking in Delay Tolerant Networks. In DEBS 08 InterThe Convergence Layer (CL) interfacesThe DTN and MANET Predicate Routing Support CodeSystems. (PRSC) component, TABLE II national Conference on Distributed Event-Based ACM, 2008. TABLEallI D traffic to an Example 1: Drop traffic not origiExample 2: Direct Figure 3: Proposed PreDA D packet exby maintaining the mapping betweenimplemented DTN node in names and protocol user space, mainly implethe routing ROP TRAFFIC NOT ORIGINATED BY A White list W OF MANET NODES D IRECT ALL D- TRAFFIC TO AN INTERMEDIATE DTN NODE I FOR nated by a WhiteTOList W of nodes and intermediate DTN node I for content au[3] Gabriele Flavio Esposito, and Ibrahim Matta. Linux Supporting Predicate Routing in DTN over MANET. In CHANTS tension, to propagate with DTN discovAND DIRECTED A PRIVATE NODE . ments two functionalities: (1) it uses the iptables facility CONTENT IP/MANET AUTHENTICATION . addresses. The mappings areFerrari usedAggradi, to translate directed to a node D. thentication. ’08:[9] Proceedings of the third MANET ACM Workshop onrules, Challenged Networks at MOBICOM, pages 125–128, San Francisco, Caliery, piggybacked in HELLO messages. to install predicate routing so that MANET routing predicates on DTN node names to routing predicates fornia, USA, 2008. ACM.content —IP packets or DTN bundles— are packets carrying on corresponding IP/MANET node addresses. routed based on DTN-level routing constraints, and (2) it 55 Overall PreDA Architecture Data (MB) (MB) DataData (MB) Data (MB) 2 1.5 1 50 Percent improvement in delivery time % Improvement in Delivery Time 2.5 45 40 35 4 4 4 4 0.5 3.8 30 3.8 3.8 3.8 0.01 3.6 0.02 3.6 0.03 0.04 3.6 if source0.1is DTN #4 0.08Drop0.09 0.05 0.06 0.07 Packet loss probability Drop if source is DTN #6 3.6 0 260 3.4 270 280 3.4 290 3.4 300 Time (s) 310 320 330 3.4 3.2 3.2 3.2 3.2 3 3 3 3 2.8 2.8 2.8 2.8 2.6 2.4 2.4 2.4 2.2 2.4 2.2 2.2 2.6 DataData[MB] (MB) 2.2 Data (MB) (MB) DataData (MB) Data (MB) Data (MB) 2.5 2 2.6 2.6 2 2 2 0 0.2 2 0 0 1.5 0 0.2 0.4 0.2 0.4 0.4 0.6 0.2 0.4 0.6 0.6 0.8 0.6 0.8 0.8 1 1 1 1.2 1.2 1.21.4 1.4 1.4 1.6 1.6 1.61.8 1.8 1.8 2 2 0.8 1 1.2 1.4 1.6 1.8 2 2 1 4 4 4 0.5 4 4 3.8 3.8 4 3.8 3.8 3.6 Drop if source is DTN #6 3.8 0 260 3.6 3.6 270 3.4 Predicate Routing Design and Examples Drop if source is DTN #4 3.8 3.6 280 290 3.6 3.4 300 Time (s) 310 320 330 3.6 3.4 3.4 3.2 3.4 3.2 3.4 3.2 3.2 3 3.2 3 2.8 3.2 3 3 3 2.8 2.6 3 2.8 2.6 2.8 2.8 2.4 2.8 2.6 2.2 References 2.6 2.6 2.4 2.6 2.4 2.2 2.2 2 2 0 2.4 2.4 2.4 2.2 2.2 2.2 0.2 2 0 0 0.2 2 0 2 2 0 0.2 0.4 0.4 0 0.2 0.4 0.2 0.2 0.6 0.6 0.4 0.4 0.6 0.4 0.8 0.8 0.6 0.6 0.8 0.6 1 1.2 1 1.4 1.6 1.8 1.6 2 1.2 1.4 1.8 2 0.8 0.8 1 1 1 1.2 1.2 1.21.4 1.4 1.4 1.6 1.6 1.61.8 1.8 1.8 2 2 0.8 1 1.2 1.4 1.6 1.8 2 2