Transcript Document

Internet Indirection
Infrastructure
Ion Stoica and many others…
UC Berkeley
Motivation
• Today’s Internet is built around a unicast
point-to-point communication abstraction:
– Send packet “p” from host “A” to host “B”
• This abstraction allows Internet to be highly
scalable and efficient, but…
• … not appropriate for applications that require
other communications primitives:
– Multicast
– Anycast
– Mobility
– Service composition
2
Our solution: Internet Indirection
Infrastructure (i3)
• Each packet is associated with an identifier id
• To receive a packet with identifier id, receiver R
maintains a trigger (id, R) into the overlay
network
[Figure: Sender sends (id | data); the trigger (id, R) stored in the overlay forwards (R | data) to Receiver (R)]
3
Service Model
• API
– sendPacket(p);
– insertTrigger(t);
– removeTrigger(t) // optional
• Best-effort service model (like IP)
• Triggers periodically refreshed by end-hosts
• ID length: 256 bits
4
Mobility
• Host just needs to update its trigger as it moves
from one subnet to another
[Figure: Sender keeps sending to id; when the host moves from Receiver (R1) to Receiver (R2) it updates its trigger to (id, R2)]
5
Multicast
• Receivers insert triggers with same identifier
• Can dynamically switch between multicast and
unicast
[Figure: Sender sends (id | data); triggers (id, R1) and (id, R2) deliver copies (R1 | data) and (R2 | data) to Receiver (R1) and Receiver (R2)]
6
Anycast
• Use longest prefix matching instead of exact
matching
– Prefix p: anycast group identifier
– Suffix si: encode application semantics, e.g., location
[Figure: Sender sends (p|a | data); triggers (p|s1, R1), (p|s2, R2), (p|s3, R3) are matched by longest prefix and the packet is delivered as (R1 | data) to Receiver (R1)]
7
Service Composition: Sender Initiated
• Use a stack of IDs to encode sequence of
operations to be performed on data path
• Advantages
– Don’t need to configure path
– Load balancing and robustness easy to achieve
[Figure: Sender sends (idT, id | data); trigger (idT, T) delivers (T, id | data) to Transcoder (T), which sends (id | data); trigger (id, R) delivers (R | data) to Receiver (R)]
8
Service Composition: Receiver
Initiated
• Receiver can also specify the operations to be
performed on data
[Figure: Sender sends (id | data); trigger (id, idF,R) rewrites it to (idF, R | data); trigger (idF, F) delivers (F, R | data) to Firewall (F), which forwards (R | data) to Receiver (R)]
9
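To make the service model, multicast, anycast and both forms of service composition concrete, here is an added toy single-node i3 forwarding table (example code, not the Berkeley i3 implementation). IDs are short strings instead of 256 bits, the "host:" address convention and the min_prefix exact-match length are constructed for the example, and service hosts are modelled by re-sending the remaining ID stack themselves.

```python
def common_prefix_len(a, b):
    # Length of the common prefix of two identifier strings.
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def is_address(x):
    # Constructed convention: "host:<name>" is an end-host address; any
    # other string in a packet's ID stack is an i3 identifier.
    return isinstance(x, str) and x.startswith("host:")

class I3Node:
    def __init__(self, min_prefix=4):
        self.min_prefix = min_prefix   # constructed exact-match prefix length
        self.triggers = []             # (id, target); target = address or ID stack

    def insert_trigger(self, ident, target):
        self.triggers.append((ident, target))

    def remove_trigger(self, ident, target):
        self.triggers.remove((ident, target))

    def match(self, ident):
        # Longest prefix matching over all triggers: every trigger sharing
        # the longest common prefix (>= min_prefix) matches, so identical
        # IDs give multicast and p|s* IDs give anycast by suffix.
        best, out = -1, []
        for tid, target in self.triggers:
            n = common_prefix_len(tid, ident)
            if n < self.min_prefix:
                continue
            if n > best:
                best, out = n, [target]
            elif n == best:
                out.append(target)
        return out

    def send_packet(self, stack, data):
        # Consume the head of the ID stack. Returns (address, rest, data)
        # deliveries; a trigger whose target is an ID stack is spliced in
        # front of the remaining stack (receiver-initiated composition).
        # A host with no trigger pointing at it receives nothing (slide 11).
        head, rest = stack[0], list(stack[1:])
        if is_address(head):
            return [(head, rest, data)]
        out = []
        for target in self.match(head):
            nxt = ([target] if is_address(target) else list(target)) + rest
            out.extend(self.send_packet(nxt, data))
        return out
```

A transcoder or firewall that receives (host, rest, data) processes data and calls send_packet(rest, data) again, which is what the two service-composition figures show.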
Basic Design Decisions
1) Host-controlled routing
2) Semanticless IDs
3) ID matching scheme
10
1) Host-Controlled Routing
• i3 gives end-hosts and/or 3rd parties the ability to control
routing
– A trigger is like a routing entry
• Highly flexible: after all, routing is the main functionality
provided by a network!
– Use cryptographic techniques to prevent most attacks on
infrastructure
• Security implications:
– Protection against DoS: at i3 level a host is not reachable unless it
inserts a “path” that points to itself
– Anonymity: easy to use onion-like routing
11
2) Semanticless Identifiers
• An ID can identify “anything”
– Interface
– Router or end-host
– Service
– Session end-point
– A packet
– …
• The meaning of the ID is determined by
applications (or higher layers)
– Think of application-level resolution of IDs
12
3) ID Matching
• Longest prefix matching
• Matching multiple entries
13
Implication of Design Decisions
[Table: rows are the functionalities Mobility, Anycast, Multicast, Service composition; columns are the design decisions Host-controlled routing, Semanticless IDs, ID Matching; the cell marks did not survive extraction]
14
Open Questions
• Management
• Economic model
• Quality of service
• …
15
Status
• i3 available as a service on Planetlab
• Support for legacy applications in Linux and Windows
XP/2000 – OCALA (Overlay Convergence Architecture for
Legacy Applications)
• Current applications
– Mobility
– Transparent access to machines behind NATs
– Secure and transparent access to services behind firewalls
• Available:
– http://i3.cs.berkeley.edu/i3/index.html
– http://i3.cs.berkeley.edu/OCALA/index.html
16