Page 1
IndirectionIndirection
Jennifer RexfordJennifer Rexford
Advanced Computer NetworksAdvanced Computer Networkshttp://www.cs.princeton.edu/courses/archive/fall08/http://www.cs.princeton.edu/courses/archive/fall08/
cos561/cos561/Tuesdays/Thursdays 1:30pm-2:50pmTuesdays/Thursdays 1:30pm-2:50pm
Slides borrowed liberally from Ion Stoica’s CS 268 class at UC Berkeley
Page 2
Motivations
• Today’s Internet is built around a unicast point-to-point communication abstraction:– Send packet “p” from host “A” to host “B”
• This abstraction allows Internet to be highly scalable and efficient
• But not appropriate for applications that require other communications primitives:– Multicast – Anycast – Mobility– …
Page 3
Why?
• Point-to-point communication– Implicitly assumes there is one sender – … and one receiver, – … and that they are placed at fixed and
well-known locations• Network location tied to network layer
identifier– E.g., a host identified by the IP address
128.32.xxx.xxx is located in Berkeley
Page 4
IP Solutions
• Extend IP to support new communication primitives, e.g., – Mobile IP – IP multicast– IP anycast
• Disadvantages:– Difficult to implement while maintaining
Internet’s scalability (e.g., multicast)– Require community wide consensus -- hard
to achieve in practice
Page 5
Application-Level Solutions
• Implement the required functionality at the application level, e.g., – Application-level multicast – Application-level mobility
• Disadvantages:– Inefficiency: hard to achieve good
performance– Redundancy: Each application implements
the same functionality over and over again– No synergy: each application implements
usually only one service, services hard to combine
Page 6
Key Observation
• All previous solutions use a simple but powerful technique: indirection– Assume a logical or physical indirection
point interposed between sender(s) and receiver(s)
• Examples:– IP multicast assumes a logical indirection
point: the IP multicast address– Mobile IP assumes a physical indirection
point: the home agent“Any problem in computer science can be solved by adding a layer of indirection”
Page 7
I3 Solution
• Use overlay network to implement this layer– Incrementally deployable; don’t need to change
IP
Build an efficient indirection layer
on top of IP
IP
TCP/UDP
Application
Indir.layer
Page 8
Internet Indirection Infrastructure (i3)
• Each packet is associated an identifier id• To receive packet with identifier id,
receiver R inserts trigger (id, R) into overlay network
Sender
id Rtrigger
iddata
Receiver (R)
iddata
Rdata
Page 9
Service Model
• API– sendPacket(p);– insertTrigger(t);– removeTrigger(t) // optional
• Best-effort service model (like IP)• Triggers periodically refreshed by end
hosts• ID length: 256 bits
Page 10
Mobility
• Host just needs to update its trigger as it moves from one subnet to another
SenderReceiver
(R1)
Receiver(R2)
id R1id R2
Page 11
iddata
Multicast
• Receivers insert triggers with same identifier
• Dynamically switch between multicast and unicast
Receiver (R1)id R1
Receiver (R2)
id R2
SenderR1data
R2data
iddata
Page 12
Anycast
• Use longest prefix matching instead of exact matching– Prefix p: anycast group identifier – Suffix si: encode application semantics, e.g.,
location
Sender
Receiver (R1)p|s1 R1
Receiver (R2)p|s2 R2
p|s3 R3
Receiver (R3)
R1datap|adata p|adata
Page 13
Service Composition: Sender Initiated
• Use a stack of IDs to encode sequence of operations to be performed on data path
• Advantages– Don’t need to configure path– Load balancing and robustness easy to
achieve
Sender Receiver (R)
idT T id R
Transcoder (T)
T,iddata
iddataRdata
idT,iddata idT,iddata
Page 14
Service Composition: Receiver Initiated
• Receiver can also specify the operations to be performed on data
Receiver (R)
id idF,R
Firewall (F)
Sender idF FidF,Rdata
Rdata
F,Rdataiddata iddata
Page 15
Quick Implementation Overview
• ID space is partitioned across infrastructure nodes– Each node responsible for a region of ID
space• Each trigger (id, R) is stored at the node
responsible for id• Use Chord to route triggers and packets
to nodes responsible for their IDs– O(log N) hops
Page 16
Example
• IDs[0..63] partitioned across five i3 nodes
• Each host knows one i3 node• R inserts trigger (37, R); S sends packet
(37, data)[42..3]
[4..7][8..20]
[21..35][36..41]Sender (S)
Receiver (R)
37 R
37data
Rdata
Page 17
Sender (S)
Optimization: Path Length
• Sender/receiver caches i3 node mapping a specific ID
• Subsequent packets are sent via one i3 node
[42..3][4..7]
[8..20]
[21..35][36..41]
37 R
37data
Rdatacache node Receiver (R)
Page 18
Optimization: Triangular Routing
• Use well-known trigger for initial rendezvous
• Exchange a pair of (private) triggers well-located
• Use private triggers to send data traffic[42..3]
[4..7][8..20]
[21..35][36..41]
37 RR[2]
2 S37[2]
2 [30]30 R
S [30]30data
RdataReceiver (R)
Sender (S)
Page 19
Outline
• OverviewSecurity• Discussion
Page 20
Some Attacks
SRid R
Attacker (A)
id A
Eavesdropping
Attacker
id2 id3id1 id2
id4id3id1id4
Loop
Victim(V)
id3
id3
id3
V Attacker id2 id2
id2
id2
id1 id3
Confluence
Attacker id2id1 id3id2
Dead-End
Page 21
Constrained Triggers
• hl(), hr(): well-known one-way hash functions• Use hl(), hr() to constrain trigger (x, y)
prefix key64 128 64
must match
ID: suffix
x y
x.key = hl(y)
x y
x.key = hl(y.key)
end-host address
Left constrainedx y
y.key = hr(x)Right constrained
Page 22
Attacks & Defenses
Triggerconstraints
Pushback
Triggerchallenges
Public i3node constraints
Eavesdropping&ImpersonationLoops &ConfluencesDead-endsReflection &Malicious trigger-removalConfluenceson i3 public nodes
AttackDefense
Page 23
Design Principles
• Give hosts control on routing– A trigger is like an entry in a routing table!– Flexibility, customization– End-hosts can
•Source route•Set-up acyclic communication graphs •Route packets through desired service points•Stop flows in infrastructure•…
• Implement data forwarding in infrastructure– Efficiency, scalability
Page 24
Design Principles (cont’d)
Host Infrastructure
Internet Data planeControl plane
p2p & End-host overlays
Data planeControl planei3 Data planeControl plane
Page 25
Conclusions
• Indirection – key technique to implement basic communication abstractions– Multicast, Anycast, Mobility, …
• Building efficient indirection layer on IP– Triggers, and DHTs to map to the location
Page 26
Discussion
• Value of composition?– Middlebox functionality– E.g., transcoding, firewall, caching, etc.
• Efficiency cost?– Stretch by traversing intermediate node– Processing and storing of triggers
• Complexity?– When trying to reduce stretch– When trying to cache information– …
• Should indirection be part of future Internet?
Page 27
Next Two Weeks
• Guest lectures– 11/18: Mike Freedman– 11/20: Sharon Goldberg– 11/25: Mung Chiang
• No class on 11/27 due to Thanksgiving• I’ll be in Thailand
– Co-chairing Asia Internet Engineering Conference
• After Thanksgiving– Programmability and virtualization…