12/12/2016

Testbed-based Evaluation of the eXpressive Internet Architecture
Peter Steenkiste
Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang
Carnegie Mellon University
Aditya Akella, University of Wisconsin
John Byers, Boston University
Bruce Maggs, Duke
Nice Workshop, Irvine, Dec 12, 2016

“Narrow Waist” of the Internet Key to its Success
• Has allowed Internet to grow and evolve dramatically in the last 40 years
• Adoption throughout society
– E-commerce, social networks, cyber-physical, …
• Transformation usage models
– Host-based → content, services
• Revolution in infrastructure
– Kilobits/sec -> Terabits/sec
– Copper -> fiber + wireless
[Figure labels: Applications; Internet Protocol; Link Technologies; Evolvability + Security]

Multiple Principal Types
• Associated with different forwarding semantics
– Support heterogeneity in usage and deployment models
• Host XIDs support host-based communication – who?
• Service XIDs allow the network to route to possibly replicated services – what does it do?
– LAN services access, WAN replication, …
• Content XIDs allow network to retrieve content from “anywhere” – what is it?
– Opportunistic caches, CDNs, …
• Set of principal types can evolve over time

Flexible Addressing: DAGs
• Combining intent and fallback address offers flexibility for network in completing request
– Set of principal types can evolve
– In-network failure recovery
• Also supports scoping
[Figure labels: packet with Dest (CID, NID:HID), Src (NID:HID), Payload; scoping diagram with Cache, NIDS Source network, CIDS Internet, HIDS Destination network]

Intrinsic Security in XIA
• XIA uses self-certifying identifiers that guarantee security properties for communication operation
– Host ID is a hash of its public key – accountability (AIP)
– Content ID is a hash of the content – correctness
– Does not rely on external configurations
• Useful for bootstrapping end-to-end security solutions
• Intrinsic security is specific to the principal type:
– Content XID: content is correct
– Service XID: the right service provided content
– Host XID: content was delivered from right host

Open Source XIA Release
https://github.com/xia-project/
[Figure labels: Routing; Net Join; “DNS”; Applications; IP; Chunking; XCache; Xsockets; XDP; Discovery; XSP; ARP; XIA; XCMP; Datalink]
• XIA Prototype released in May 2012
– Includes full XIA protocol stack, SID/CID support, utilities
• Being used to support evaluation, applications, services
• New functionality is being added regularly

Network Evaluation
• Metrics: throughput, latency, fairness, …
• Techniques: modeling, simulation, prototyping

Internet Architecture Evaluation
• Trustworthiness, mobility, content retrieval, privacy, evolvability, economic viability, deployability, ility
• Techniques: ?
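An added example (not from the slides or the XIA code base) of what the Flexible Addressing and Intrinsic Security slides describe: a client accepts a chunk from any cache only if it hashes to the Content ID, and otherwise falls back to the origin host. The `TYPE:hex` text form, the use of SHA-256, and all names and sample data are assumptions made for illustration.

```python
import hashlib

HASH = hashlib.sha256  # assumption: the slides do not name the hash function


def make_xid(kind: str, data: bytes) -> str:
    """Derive a self-certifying identifier: principal type + hash of the data."""
    return f"{kind}:{HASH(data).hexdigest()}"


def verify_xid(xid: str, data: bytes, expected_kind: str) -> bool:
    """Check that `data` (content bytes or a public key) matches the XID."""
    kind, sep, digest = xid.partition(":")
    if not sep or kind != expected_kind:
        return False  # malformed XID or wrong principal type
    return digest.lower() == HASH(data).hexdigest()


def fetch_chunk(cid: str, sources):
    """Try sources in order (intent first, fallback last) and accept the first
    reply whose bytes hash to the CID. Returns (source_name, content)."""
    for name, lookup in sources:
        reply = lookup(cid)
        if reply is not None and verify_xid(cid, reply, "CID"):
            return name, reply
    raise LookupError(f"no source returned content matching {cid}")


# Constructed sample data (not from the slides).
CHUNK = b"video segment 0001"
CID = make_xid("CID", CHUNK)
SOURCES = [
    ("cache-a", lambda cid: b"tampered segment"),            # poisoned cache
    ("cache-b", lambda cid: None),                           # cache miss
    ("origin", lambda cid: CHUNK if cid == CID else None),   # fallback host
]

# A Host ID binds a name to a key. A matching hash only shows the key belongs
# to the name; the peer must still prove it holds the private key (not shown).
HOST_PUBKEY = b"constructed-public-key-bytes"
HID = make_xid("HID", HOST_PUBKEY)

if __name__ == "__main__":
    print(fetch_chunk(CID, SOURCES))
    print(verify_xid(HID, HOST_PUBKEY, "HID"), verify_xid(HID, b"other-key", "HID"))
```

The tampered reply from the first cache is rejected without any trust relationship or external configuration, which is the "correctness" property the slide attributes to Content XIDs.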
Architectural Levels
• Concepts: Principles and Invariants
– Principal types
– Intrinsic security
– Flexible addressing
– …
• IETF RFC: Concrete Specification
– Set of XIDs with intrinsic security
– DAGs
• Running Code: Implementation
– Click prototype
– Native Unix (BU)

Evaluation Strategy
• Address traditional network challenges
– Design (IETF) and implementation (Running Code) → argue the value of architectural Concepts
– Mobility, service anycast, caching, …
• Direct evaluation of architecture
– Evaluate concepts directly, e.g., game theory
• XIA use cases – challenge cases on steroids
– Small deployments to provide realistic conditions
– Also gain experience in running XIA network

Large Scale Video Distribution: A Video Control Plane
• Challenge: optimize user QoE
– For a bandwidth intensive application
1. Wide-spread use of in-network caching
– Enabled for different types of “content identifiers”
2. Network-layer support for different content types:
– Static (CIDs), customizable (nCIDs), dynamic (aSIDs)
3. A video control plane
– Uses XIA data and control plane support to coordinate the players in the system: CDNs, player, brokers, …

Video Distribution Over XIA
• Delay binding e.g., third party or cellular ISP
• Fault tolerance
[Figure labels: SID,HID; Optimization Service; Evolvable Control Plane: CDN-ISP, ISP-ISP collaboration; ISP1; SID; SID, HID; AD; Client Player; Better Adaptation; CID; In-network cache results; CDN Node; Caching Router; Content Provider]
• Runs entirely on GENI
• Geographically distributed devices
• Enough cycles to service video chunks

Vehicular Networking
• Challenge: fast handoff for V-I communication
– Supports cross-network device, network mobility
1. Support for active session migration and mobile services
– Uses flexible addressing and intrinsic security
2. Multi-homing support and interface control
3. Fast and secure network joining protocol
– For devices and personal networks
https://www.youtube.com/watch?v=msLZnPcNp2o

XIA Vehicular Testbed
GENI (planned)
https://www.google.com/maps/d/edit?mid=zPpLOu8QPjvw.kWqcAC9kCE3E

Experimental Evaluation of FIAs
• Use of GENI is growing as we run larger network experiments: data and control plane + applications
– Incremental deployment, service anycast, mobility, Scion path-based forwarding, ...
• But requirements are very diverse!
– Focus on core versus edge, control vs data vs both
– Scale, realism topology/cross-traffic, domain richness, ..
– Geographic diversity is often important
• Shared generic devices/links are often fine
– Need controlled sharing; also some controlled experiments
https://www.youtube.com/watch?v=msLZnPcNp2o

Credits
• “XIA: Architecting a More Trustworthy and Evolvable Internet”, David Naylor, Matt Mukurjee, Patrick Agyapong, Robert Grandl, Rougu Kang, Michel Machado, et al., ACM Computer Communications Review, Volume 44, Issue 3, July 2014.
• “XIA: Efficient Support for Evolvable Internetworking”, Dongsu Han, Ashok Anand, Fahad Dogar, Boyan Li, Hyeontaek Lim, Michel Machado, Arvind Mukundan, Wenfei, Aditya Akella, David Andersen, John Byers, Srinivasan Seshan, Peter Steenkiste, The 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI '12), San Jose, CA, April 2012.
• “XIA: An Architecture for an Evolvable and Trustworthy Internet”, Ashok Anand, Fahad Dogar, Dongsu Han, Boyan Li, Hyeontaek Lim, Michel Machado, Wenfei Wu, Aditya Akella, David Andersen, John Byers, and Srinivasan Seshan and Peter Steenkiste, Tenth ACM Workshop on Hot Topics in Networks (HotNets-X), November 14-15, 2011, Cambridge, MA.
• “The Cost of the “S” in HTTPS”, D. Naylor, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Mellia, M. Munafò, K. Papagiannaki, P. Steenkiste, 10th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2014), Sydney, December 2014.
• “Balancing Privacy and Accountability”, David Naylor, Matthew Mukerjee, Peter Steenkiste, ACM Sigcomm 2014, August, 2014.
• “Understanding Tradeoffs in Incremental Deployment of New Network Architectures”, Matthew Mukerjee, Donsu Han, Srini Seshan, Peter Steenkiste, 9th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2013), Santa Barbara, December 2013.
• “Architecting for Edge Diversity: Supporting Rich Services over an Unbundled Transport”, Fahad Dogar and Peter Steenkiste, 8th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2012), Nice, France, December 2012.
• “Linux XIA: An Interoperable Meta Network Architecture,” Michel Machado, Ph.D., Computer Science, Boston University, 2014.
• Service routing based on SIDs, Yuchen Wu, Srini Seshan, Peter Steenkiste, work in progress.
• “A Framework for Evolvable Routing Protocols,” Shoban, Weiyang, Aditya Akella
• “FCP: A Flexible Transport Framework for Accommodating Diversity”, Dongsu Han, Robert Grandl, Aditya Akella and Srinivasan Seshan, Sigcomm 2013, Hong Kong, August 2013.
• “Why do people seek anonymity on the Internet? Informing policy and design”, Ruogu Kang, Stephanie Brown, and Sara Kiesler, ACM Conference on Human Factors in Computing Systems (CHI ’13), Paris, France, April 2013.

Growing Privacy Concerns
• Network-level anonymity is sometimes desirable, but it is expensive
– Example: TOR - encryption overhead, path stretch
– No accountability
• Operators want accountability
– Example: AIP – address is hash of public key
– No privacy
• Can we balance privacy and accountability?
– It looks like we need to choose one or the other

Source Addresses as an Interface
• Source addresses affect both accountability and privacy in a fundamental way
• What are source addresses used for?
[Figure labels: uses of the source address: Return address, Identify sender, Accountability, Error reporting, Flow ID; Used by: Destination, Network; annotations: “Hard to balance Privacy and Accountability: Tor versus AIP”, “Tussle” controlled by on/off switch]

Accountability and Privacy (David Naylor)
• View source addresses as accountability addresses
– Uses AIP style accountability, but …
– Accountability can be delegated to a “service” that takes responsibility for packet
– Return address can be (hidden) inside packet
• Many “details”: nature of delegate, fate sharing, …

Questions?