SCORE: A Scalable Architecture for Implementing Resource

Towards a New Naming Architecture
Ion Stoica, Scott Shenker, and many others…
Goals
• Support
– Mobility: machine, data, session
– Multi-homing, multiple interfaces
• Make middle-boxes part of the architecture
• Security
– Better support against DDoS
– Anonymity
• …
Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Designs
→ Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Host Identity Protocol (HIP)
• Provides:
– Fast mobility
– Multi-homing
– Support for different addressing schemes
• Transparent IPv4 to IPv6 migration
– Security
• Anonymity
• Secure and authenticate datagrams
HIP
• A public key is used to identify an end-host
• A 128-bit host identity tag (HIT) is used for system calls
– HIT is a hash of the public key
– Global scope
• A 32-bit local scope identifier (LSI) for IPv4 compatibility
HIT replaces the IP address as the name of a system
Protocol Stack
[Figure: two protocol stacks side by side. Today: Process → Transport <IPaddr, port> → IP Layer <IPaddr>. With HIP: Process → Transport <HIT, port> → HIP Layer <HIT> → IP Layer <IPaddr>.]
How It Works?
[Figure: the client app queries the DNS library, which returns HIT = hash(P) together with the peer's IPaddr and public key P. The app calls send(HIT); transport passes <HIT> to the HIP layer, the local HIP daemon runs a 4-way authentication with the peer's HIP daemon, and the HIP layer then calls send(IPaddr) with the packet carried over IPsec.]
Designs
• Host Identity Protocol (HIP)
→ Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Internet Indirection Infrastructure (i3)
• Supports:
– Mobility
– Multi-homing
– Anycast
– Multicast
• Accommodates middle-boxes
• Security
– Anonymity
– DoS
Internet Indirection Infrastructure (i3)
• Each packet is associated with an identifier id
• To receive packets with identifier id, receiver R inserts a trigger (id, R) into the overlay network
[Figure: Sender sends (data, id); the overlay matches the trigger (id, R) and delivers (data, R) to Receiver R.]
Integrate Middle-Boxes
• Use a stack of IDs to encode the sequence of operations to be performed on the data path
[Figure: Sender sends (data, idT, id). Trigger (idT, T) routes the packet to Transcoder T as (data, T, id); T processes the data and sends (data, id); trigger (id, R) delivers (data, R) to Receiver R.]
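An added example (Python, not i3 code) simulating the trigger matching of the two slides above: triggers map an id to a target, and a stack of ids routes a packet through a transcoder before it reaches the receiver. The ids, host names and the transcoding step are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    ids: list                                  # ID stack; ids[0] is matched next
    data: bytes
    hops: list = field(default_factory=list)   # hosts visited, for the demo

class I3Overlay:
    """Toy i3 overlay: a trigger (id, target) tells the infrastructure where
    to send packets carrying id (constructed model, not the i3 code)."""

    def __init__(self):
        self.triggers = {}  # id -> target (an address or another id)
        self.hosts = {}     # address -> handler(packet) returning the next packet

    def insert_trigger(self, ident: int, target) -> None:
        self.triggers[ident] = target

    def attach_host(self, addr: str, handler) -> None:
        self.hosts[addr] = handler

    def send(self, pkt: Packet, max_hops: int = 16) -> Packet:
        # ids are ints, addresses are strs. A matching trigger replaces the
        # top id with its target; an address on top means "deliver here".
        while pkt.ids and max_hops > 0:
            max_hops -= 1
            top = pkt.ids[0]
            if isinstance(top, int):
                if top not in self.triggers:
                    raise LookupError(f"no trigger for id {top:#x}")
                pkt.ids = [self.triggers[top]] + pkt.ids[1:]
                continue
            addr = pkt.ids.pop(0)
            pkt.hops.append(addr)
            pkt = self.hosts[addr](pkt)  # the host may forward the rest of the stack
        return pkt

def demo() -> tuple:
    net = I3Overlay()
    ID_R, ID_T = 0xA1, 0xB2           # constructed ids; real i3 IDs are 256-bit
    net.insert_trigger(ID_R, "R")     # receiver R inserted (id, R)
    net.insert_trigger(ID_T, "T")     # transcoder T inserted (idT, T)
    # T transcodes the data, then forwards what remains of the stack (id).
    net.attach_host("T", lambda p: Packet(p.ids, p.data.upper(), p.hops))
    net.attach_host("R", lambda p: p)  # final receiver, nothing left to forward
    direct = net.send(Packet([ID_R], b"hello"))          # (data, id)
    via_t = net.send(Packet([ID_T, ID_R], b"hello"))     # (data, idT, id)
    return direct, via_t
```

The hop limit keeps a misconfigured or looping chain of triggers from forwarding forever, a check a real overlay needs as well.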
i3 Identifiers
• 256-bit IDs
• An ID is ultimately mapped to an (IPaddr:port)
– Mapping under application control
• An ID can represent
– A host, flow, service, etc.
An ID can identify any entity that can receive packets
Protocol Stack
[Figure: two protocol stacks side by side. Today: Process → Transport <IPaddr, port> → IP Layer <IPaddr>. With i3: Process → Transport ID/<IPlocal, port> (local scope) → i3 layer <ID> (IPlocal → ID, sender specific) → IP Layer <IPi3>.]
How It Works? (Native i3 Applications)
[Figure: Receiver R has inserted the trigger (id, R). The client app calls send(id); transport passes id to the i3 layer, whose i3 daemon sends the packet to the infrastructure with send(IPi3); the i3 node holding the trigger forwards it to R's i3 layer and up through transport to R's app.]
How It Works? (Legacy Applications)
[Figure: the receiver has IP address r and port p, registered in the infrastructure as trigger (id, (r:p)). The client app queries the DNS library and gets back a local-scope address IPlocal, which the i3 daemon binds to id (id, IPlocal). The app calls send(IPlocal, port); the i3 layer translates this into send(id), sends it to the infrastructure with send(IPi3), and the receiver's i3 daemon delivers it as send(r, p).]
Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
→ Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Goal: Address DNS Limitations
• DNS names identify machines and organizations, not data
– Data cannot be easily moved
– Data cannot be easily replicated
• DNS names are brand names
– Political fighting
SFR Solution
• Use IDs instead of DNS names
• The ID space is flat and IDs have no semantics
• A generalization of DNS
– Returns metadata instead of an IP address
• How to implement it?
– Use distributed hash tables (DHTs)!
DHT Primer
• Interface
– put(id, data)
– data = get(id)
• Highly scalable
– O(log N) hops to execute an operation
• Highly robust
– Can tolerate ~50% of nodes going down
• Highly dynamic
– Entries can be changed very fast
Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
→ Layered Naming Architecture (LNA)
Layered Naming Architecture (LNA)
• Supports:
– Mobility
– Multi-homing
• Integrate middle-boxes
• Security (through middle-boxes)
– Anonymity
– DoS
–…
An Old Naming Taxonomy
• Four kinds of network entities (Saltzer):
– Services (and data)
– Hosts (endpoints)
– Network attachment points
– Paths
• Should name each individually:
– Ignore paths (router involvement)
– IP addresses name attachment points
– Endpoint identifiers (EIDs) name hosts
– Service identifiers (SIDs) name services/data
Protocol Stack
[Figure: two protocol stacks side by side. Today: Process → Transport <IPaddr, port> → IP Layer <IPaddr>. With LNA: Process → SID↔EID <SID> → Transport <EID, port> → EID↔IP <EID> → IP Layer <IPaddr>.]
How It Works?
[Figure: the server's LNA daemon registers put(sid, eid) in the DHT (the "DNS" of this design) and put(eid, IP) in the EID↔IP resolver; the EID may resolve to an Intermediary (IPi) rather than the server itself. The client app calls send(sid); the SID↔EID layer performs eid = get(sid) and calls send(eid); transport passes eid to the EID↔IP layer, which calls send(IPi); IP carries the packet to the intermediary and on to the server's stack.]
Principles
• Don’t bind to lower-level IDs prematurely
– Host mobility and renumbering (HIP)
– Service and data migration
• Resolution of a name need not point to the object itself, but can point to its delegate
– Resolution can point to intermediaries that process packets on behalf of the named target
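An added example, not from the slides or the LNA project, walking through the put/get exchange of the LNA "How It Works" slide and the two principles above in Python: a dict-backed stand-in for the DHT, two resolution layers, and three cases in which exactly one binding changes (the host moves, the EID delegates to an intermediary, the service migrates to another host). Labels, IDs and addresses are constructed.

```python
import hashlib

class Dht:
    """DHT primer interface (put/get); a dict stands in for the O(log N) overlay."""

    def __init__(self):
        self.store = {}

    def put(self, key: bytes, value) -> None:
        self.store[key] = value

    def get(self, key: bytes):
        return self.store.get(key)

def flat_id(label: str) -> bytes:
    # Constructed: hash a label into a flat 128-bit ID that carries no semantics.
    return hashlib.sha256(label.encode()).digest()[:16]

class LnaStack:
    """Two-level resolver: SID -> EID, then EID -> IP (constructed, not LNA code)."""

    def __init__(self, sid_map: Dht, eid_map: Dht):
        self.sid_map, self.eid_map = sid_map, eid_map

    def resolve(self, sid: bytes) -> tuple:
        eid = self.sid_map.get(sid)   # which host serves this service now
        if eid is None:
            raise LookupError("unknown SID")
        ip = self.eid_map.get(eid)    # where that host, or its delegate, is now
        if ip is None:
            raise LookupError("EID has no attachment point")
        return eid, ip

def demo() -> dict:
    sid_map, eid_map = Dht(), Dht()
    stack = LnaStack(sid_map, eid_map)
    sid = flat_id("service:example")                 # what the application names
    eid_h1, eid_h2 = flat_id("host:1"), flat_id("host:2")
    sid_map.put(sid, eid_h1)                         # put(sid, eid)
    eid_map.put(eid_h1, "192.0.2.10")                # put(eid, IP)
    trace = {"initial": stack.resolve(sid)}
    eid_map.put(eid_h1, "192.0.2.11")                # host moved: only EID -> IP changes
    trace["after_move"] = stack.resolve(sid)
    eid_map.put(eid_h1, "198.51.100.1")              # delegate: EID now points at an intermediary
    trace["via_intermediary"] = stack.resolve(sid)
    eid_map.put(eid_h2, "203.0.113.5")
    sid_map.put(sid, eid_h2)                         # service migrated: only SID -> EID changes
    trace["after_migration"] = stack.resolve(sid)
    return trace
```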
Naming Architecture Requirements
1) There should be a layer in the protocol stack that uses IDs, not IP addresses
• Mobility, multi-homing, replication, …
2) IDs should be able to name arbitrary objects
3) IDs should encode as little semantics as possible
4) End-points should be able to use indirection at the ID level
• Integrate middle-boxes
How Many ID Layers?
• HIP: one layer; IDs identify machines
• SFR: one layer; IDs identify data
• i3: one layer; IDs identify arbitrary objects
• LNA: two layers
– EIDs identify machines
– SIDs identify everything else
When is the Resolution ID → IP Done?
• SFR: above transport
• HIP: below transport, at the HIP layer
• i3: in the infrastructure
• LNA: below transport
– But the IP address can be an intermediate point
Security Support?
• HIP:
– Authentication, data integrity
– Anonymity at the transport layer
– Transport-layer resistance to DoS attacks
• i3
– Anonymity at the IP layer
– Some DoS defense at the IP layer
– Everything else can be done through middle-boxes
• LNA
– Everything can be done through middle-boxes
Resources
• HIP: http://homebase.htt-consult.com/~hip/
• SFR: http://nms.lcs.mit.edu/projects/sfr/
• i3: http://i3.cs.berkeley.edu