Download IPOP: Self-configuring IP-over-P2P Overlay

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

IEEE 1355 wikipedia , lookup

Network tap wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Wireless security wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Airborne Networking wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

Distributed firewall wikipedia , lookup

RapidIO wikipedia , lookup

Computer network wikipedia , lookup

Distributed operating system wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Deep packet inspection wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Peer-to-peer wikipedia , lookup

Transcript 
ACIS
Advanced Computing and Information Systems
IPOP: Self-configuring IP-over-P2P Overlay-based Virtual Private Networking
Pierre St Juste, Renato J. Figueiredo @ University of Florida
Abstract
Architecture
We present IPOP (IP-over-P2P, http://www.ipopproject.org), an easy to deploy user-level system which
uses a self-configuring peer-to-peer overlay to
ensure private IP connections between virtual
machines that can be physically distributed across
multiple sites, but are logically interconnected by a
virtual network. Our goal is to demonstrate that this
overlay VPN technology can complement or
supplant emerging cloud networking solutions such
as Amazon VPC or Microsoft Azure’s upcoming
software-defined-networking services, in a manner that
allows user-defined inter-cloud virtual networks.
Key Features
1
Get signed
X509 certificate
2
VM1 @ EC2
VM1 @ EC2
VM2 @
FutureGrid
VM3 @ UF-ACIS
VM2 @ FutureGrid
=> Chord-like structured P2P overlay
Centralized VPN Approach (OpenVPN)
=> Decentralized DHCP service through DHT
=> IP packets routed through gateway (latency and bandwith)
=> Builtin packet encryption and support for IPSec
=> Gateway handles encryption/decryption (trust)
=> Decentralized NAT traversal
=> IP routing information stored at gateway (stateful)
P2P VPN DHT-based Approach (IPOP)
=> IP packets routed directly over P2P connections
=> Authentication and encryption is end-to-end
IPOP Technical Details
=> IP packets captured through virtual TAP network interface provided by the kernel
IPOP in the Cloud
=> IP address is looked up in DHT for P2P address that maps to a direct connection
=> Deployments in EC2, GoGrid, FutureGrid
=> IP packet is encrypted (by IPSec) and sent over P2P overlay for delivery
=> Delivers up to 98 Mbps on Amazon EC2
=> Enables condor deployments across cloud providers
Apps
IPOP
Apps
IPOP
=> Exploring support for Openflow
=> Autoconfiguration support for StrongSwan
=> Builtin packet encryption and supports IPSec
This research is supported by the National Science
Foundation under Grant No. 1234983.
Send IP over encrypted
P2P connections
=> Routing information is distributed
=> Fully decentralized with no single point of failure
Future Work
VM3 @
UF-ACIS
VNIC
Kernel
IP Addr
P2P Addr
User
10.15.23.213
ABCD
Alice
10.15.30.21
EFGH
Bob
Kernel
VNIC
Related documents
Slides (PDF).
Slides (PDF).
The Internet and World Wide Web
The Internet and World Wide Web
Copyright Law
Copyright Law
The Center for Autonomic Computing
The Center for Autonomic Computing
N:Y - The ACIS Lab - University of Florida
N:Y - The ACIS Lab - University of Florida
Ecosystems Review Sheet - Liberty Union High School District
Ecosystems Review Sheet - Liberty Union High School District
PowerPoint - Computer Sciences Dept.
PowerPoint - Computer Sciences Dept.
View Sample PDF - IRMA
View Sample PDF - IRMA
AP Biology – Ecology Unit Study Guide – C. Gray Mitchell This list is
AP Biology – Ecology Unit Study Guide – C. Gray Mitchell This list is
ppt - ICEBERG Project
ppt - ICEBERG Project
Employee Assisstance Program - Los Angeles County Department
Employee Assisstance Program - Los Angeles County Department
Nearcast: A Locality-Aware P2P Live Streaming Approach for
Nearcast: A Locality-Aware P2P Live Streaming Approach for
Net Primary Production (NPP)
Net Primary Production (NPP)
link request
link request
Seeing Beyong Risk
Seeing Beyong Risk
Service Function Chaining Problem Statement draft-ietf-sfc
Service Function Chaining Problem Statement draft-ietf-sfc
slides - Academia Sinica
slides - Academia Sinica
Peer-to-Peer Overlay Networks
Peer-to-Peer Overlay Networks
Slide 1
Slide 1
Synchronization of VM probes for observing P2P traffic and
Synchronization of VM probes for observing P2P traffic and
On peer-to-peer (P2P) content delivery
On peer-to-peer (P2P) content delivery