2) Internet-problems

i-2 Internet problems
Taekyoung Kwon
scalability
• Network prefix keeps increasing
– Superlinearly
• Forwarding info base (FIB) size increases
– routers in Default free zone (DFZ)
Why increase?
• Multi-homing
• Traffic engineering
• Non-aggregatable prefix allocation
Source: bgp.potaroo.net
Multi-homing
• reliability
[Figure: company1 connected to ISP1 and ISP2; labels: 4.0.0.0/8, 3.0.0.0/8, 3.4.0.0/16 (shown twice)]
Traffic engineering (1/2)
• E.g. load balancing
[Figure: ISP1 and ISP2; labels: 4.0.0.0/8, 3.4.0.0/16 (shown twice)]
Traffic engineering (2/2)
• E.g. load balancing
[Figure: ISP1 and ISP2; labels: 4.0.0.0/8, 3.4.0.0/16, 3.4.1.0/24, 3.4.2.0/24]
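An added example (not from the original slides) of how multi-homing and traffic engineering grow a DFZ router's FIB, using the prefixes shown on the slides above. It assumes that company1's 3.4.0.0/16 is carved from ISP2's 3.0.0.0/8 and that the remote router's best path for the /16 is via ISP1; both are assumptions, as are the function names.

```python
import ipaddress

# Constructed view of one remote DFZ router; next hops are assumptions (see lead-in).
BASE = [("4.0.0.0/8", "ISP1"), ("3.0.0.0/8", "ISP2")]   # only provider aggregates
MULTIHOMED = BASE + [("3.4.0.0/16", "ISP1")]            # /16 also announced via ISP1
ENGINEERED = MULTIHOMED + [("3.4.1.0/24", "ISP1"),      # inbound load split per /24
                           ("3.4.2.0/24", "ISP2")]

def build_fib(routes):
    """Map each announced prefix to its next hop."""
    return {ipaddress.ip_network(prefix): hop for prefix, hop in routes}

def lookup(fib, dst):
    """Longest-prefix match: the most specific covering prefix decides the next hop."""
    addr = ipaddress.ip_address(dst)
    best = max((net for net in fib if addr in net),
               key=lambda net: net.prefixlen, default=None)
    return None if best is None else (str(best), fib[best])

def summarize(routes, probes):
    """Return (FIB size, {destination: (matched prefix, next hop)})."""
    fib = build_fib(routes)
    return len(fib), {dst: lookup(fib, dst) for dst in probes}

if __name__ == "__main__":
    probes = ["3.4.1.9", "3.4.2.9", "3.4.9.9"]
    for name, routes in (("base", BASE), ("multi-homed", MULTIHOMED),
                         ("traffic-engineered", ENGINEERED)):
        size, hops = summarize(routes, probes)
        print(f"{name}: {size} FIB entries")
        for dst, match in hops.items():
            print(f"  {dst} -> {match}")
```

The more-specific announcements cannot be folded back into 3.0.0.0/8 because they carry different next hops, so every such site adds entries to each DFZ router's FIB.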
ViAggre, “Making routers last longer with ViAggre”, NSDI ’09
Why routing scalability matters?
• FIB is expensive
Virtual aggregation (ViAggre)
ViAggre: Basic Idea
Data plane operations
Route stretch
Ingress -> aggregation point
Aggregation point -> egress
scalability
• LISP (locator identifier separation protocol)
mobility
• Session continuity
– TCP/IP socket
• IP address is fixed
– IP address is changed with mobility
• Initial lookup
– DNS assumes static binding between domain name and IP address
– What if IP address of a host changes dynamically?
mobility
• Destination mobility
– Client changes her point of attachment during session
• Source mobility
– What if source moves?
• What if both endpoints change their points of attachment simultaneously?
Taxonomy: mobility proposals
• L3
– MIPv4, MIPv6, PMIP
• L4
• Shim layer
IP mobility problem
• Internet hosts/interfaces are identified by IP address
– Host identifier
– Locator
• Moving to another network requires different network address
– But this would change the host’s identity
– How can we still reach that host?
Routing for mobile hosts
MH = mobile host
CH = correspondent host
How to direct packets to moving hosts transparently?
[Figure: CH, MH, home network and foreign network, shown in two panels]
5 slides are from Scott Midkiff @VT hereafter
Host-specific routes
• There are numerous routers
• There will be even more mobile hosts
• Whenever a host changes its address, it may have to be propagated across the Internet
Mobile IP
LD (location directory)
• identifier: location
• home address (HoA): care-of address (CoA)
Proxy Mobile IP
L4 Proposals
• MSOCKS
– “MSOCKS: An Architecture for Transport Layer Mobility,” INFOCOM ’98
• SCTP
– RFC 4960, “Stream Control Transmission Protocol”
• Migrate
– “An End-to-End Approach to Host Mobility,” MobiCom ’00
Migrate
• Locate hosts through existing DNS
– Secure, dynamic DNS is currently deployed and widely available (RFC 2137)
– Maintains standard IP addressing model
• IP addresses are topological addresses, not IDs
• Fundamental to Internet scaling properties
• Ensure seamless connectivity through connection migration
– Notify only the current set of correspondent hosts
– Follows from the end-to-end argument
Migrate Architecture
[Figure: Mobile Host, DNS Server and Correspondent Host; arrows: Location Update (Dynamic DNS Update), Location Query (DNS Lookup), Connection Initiation, Connection Migration; labels: foo.bar.edu, xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy]
Shim layer: Insert an ID-locator mapping layer
• Shim6
– Level 3 Multihoming Shim Protocol for IPv6, RFC 5533
• HIP
– Host Identity Protocol (HIP) Architecture, RFC 4423
Content delivery efficiency
• P2P: BitTorrent
• CDN
• IP multicasting
• Wireless multicasting/broadcasting
• CCN
Content centric networking
• FIB Scalability
• Source mobility
• Cache-BW tradeoff
Security: DDoS
• DDoS
– Filtering-based
– Capability-based
Security: PKI
• PKI is vulnerable
– Certificate chain
• certificate
Digital Certificate
“I officially approve the relation between the holder of this certificate (the user) and this particular public key.”
Source: Atul Kahate
Digital Certificate Signed by CA
[Figure: a digital certificate with the fields Subject Name: …, Public Key: …, …, and the CA’s Digital Signature]
To verify this certificate, we need to de-sign it using the CA’s public key. If we can de-sign the certificate, we can safely assume that the certificate is valid.
“De-sign” means to verify the message digest of the certificate by using the CA’s public key.
CA Hierarchy
[Figure: tree with the Root CA at the top, Second Level CAs below it, and Third Level CAs below those]
PKI threats
• Everybody can be a CA
• A naïve/reckless/malicious CA may issue a certificate to a malicious entity.
• The malicious entity runs a bogus server
– Say, citibank.com
• Somehow DNS response of citibank.com has the IP address of the malicious entity
• Then what?
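An added example (not from the original slides) of the “de-sign” check walked up a CA hierarchy, showing the situation in the PKI threats slide: validation confirms that some trusted CA signed the name-to-key binding, not which CA did. The toy RSA keys, CA names and trust store are constructed assumptions, and only signatures are checked (no validity dates, revocation or CA constraints).

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def make_key(p, q):
    """Toy RSA key from two known primes (constructed; far too small for real use)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    """Message digest of the signed fields, reduced into the signer's modulus."""
    tbs = f"{cert['subject']}|{cert['pub_n']}|{cert['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key):
    """The CA signs the digest of (subject, public key, issuer) with its private key."""
    cert = {"subject": subject, "pub_n": subject_key["n"], "issuer": issuer}
    cert["sig"] = pow(digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert

def verify_chain(chain, trust_store):
    """chain is leaf-first. Returns the trusted root that anchors it, or None."""
    if not chain:
        return None
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):                    # signed by the next certificate up
            if chain[i + 1]["subject"] != cert["issuer"]:
                return None
            issuer_n = chain[i + 1]["pub_n"]
        else:                                     # top of the chain: needs a trusted root
            issuer_n = trust_store.get(cert["issuer"])
            if issuer_n is None:
                return None
        # "de-sign": recover the digest with the issuer's public key and compare
        if pow(cert["sig"], E, issuer_n) != digest(cert, issuer_n):
            return None
    return chain[-1]["issuer"]

# Constructed keys (products of Mersenne primes) and names; none of this is a real CA.
P = [2**k - 1 for k in (13, 17, 19, 31, 61, 89, 107, 127, 521, 607)]
other, site, second = make_key(P[0], P[1]), make_key(P[2], P[3]), make_key(P[4], P[5])
root_b, root_a = make_key(P[6], P[7]), make_key(P[8], P[9])
TRUST = {"Root CA A": root_a["n"], "Root CA B": root_b["n"]}

good_chain = [issue("citibank.com", site, "Second Level CA", second),
              issue("Second Level CA", second, "Root CA A", root_a)]
# Same subject name bound to a different key by another root in the trust store.
other_chain = [issue("citibank.com", other, "Root CA B", root_b)]
tampered = [dict(good_chain[0], pub_n=other["n"]), good_chain[1]]
```

Both `good_chain` and `other_chain` validate, so the relying party's assurance is only as strong as the least careful CA in its trust store; `tampered` fails because the digest no longer matches the signature.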
Video adaptation
• How to maximize users’ QoE in a cell or a group of cells in adaptive multimedia framework
• QoS: throughput, delay, jitter, loss
• QoE: PSNR, MOS, zapping time
Rate Adaptation is a must
• Different devices
• Link/path bandwidth
• Dynamics
[Figure: link rates of 2Mb/s, 0.5Mb/s, 1Mb/s and 0.2Mb/s]
Online transrating/transcoding
• Original video is modified
Netmanias, 2012
Dynamic Adaptive Streaming over HTTP (DASH)
• Segments for multiple quality levels
Thomas Stockhammer, Qualcomm
Scalable video coding (SVC)
• Multiple layers for progressive quality enhancement
[Figure: Spatio-Temporal-Quality Cube; a layered encoder produces layered video: Layer 1 (base layer), then enhancement layers Layer 2, Layer 3, …, Layer l]
* MDC: multiple description coding
Location-based Mobile Networking
• offloading
• handoff
• P2P communications
Data center networking
• Monitoring
• Re-routing
• TCP
TCP for Big Data
• “Understanding TCP Incast and Its Implications for Big Data Workloads”
• “Cascaded TCP: Big Throughput for Big Data Applications in Distributed HPC”
Oracle Mapping System
• Mobility
• Routing scalability
• Content delivery
• Certificate Verification