P2P for the People Bringing Peer-to-Peer from the Laboratory into the Windows Operating System Sandeep K. Singhal, Ph.D Product Unit Manager Windows P2P.
P2P for the People
Bringing Peer-to-Peer from the Laboratory into the Windows™ Operating System
Sandeep K. Singhal, Ph.D
Product Unit Manager
Windows P2P and Collaboration Technologies
Microsoft [email protected]

P2P in Microsoft Windows
Jul 2003: P2P Toolkit first released in Advanced Networking Pack for Windows XP SP1
Aug 2004: P2P Toolkit integrated into Windows XP SP2
Windows XP: Peer Name Resolution Protocol (PNRP); P2P Graphing and Grouping; Peer Identity Manager
Windows Vista: Peer Name Resolution Protocol (PNRP); P2P Graphing and Grouping; Peer Identity Manager; P2P Contacts; People Near Me; Serverless Presence and Publishing; P2P Application Invitation
Windows Communication Foundation: Peer Channel

P2P Platform in Windows Vista
[Diagram, layer labels: Addressing and Connectivity; Identity and Naming; Discovery; Session Initiation; Multi-Party Comms; Application Services; Experiences]
[Diagram, component labels: IPv6; Teredo; ISATAP; 6to4; P2P Contacts and Auth.; P2P name resolution (PNRP); E-mail address name resolution; People Near Me; Serverless Presence and Publishing; Application Invitation; Overlay Networks; Message Multicast and Web Services; Shared Database; Replicated Files; App and Desktop Sharing]

What Have We Learned?
Technology is hard
Ecosystem is complex

What is the “Internet”?
In the lab…
Everything is connected
Hundreds of hosts
Controlled environment
In reality…
Partial connectivity

Hosts get unique IPv6 address
Constructed from public IPv4 address/port
Used by stack to construct UDP “wrapper” around IPv6 packet
Transparent to application
Application programs to IPv6 address and has access to full protocol range, port range, etc.
Teredo sessions automatically established on demand

1. Send request to service, construct IPv6 address from public IPv4 address/port (e.g. XX:IPv4:port::/64)
2. Send a bubble to the destination address to open the NAT mapping
3. Send the packet to relay for delivery to destination
4. Send a response to create a mapping in the NAT
5. Future traffic can be sent directly to nodes
[Diagram labels: Machine A XX::9D01:101:460:XX; Machine C XX::AC01:101:464:XX; 172.1.1.1; NAT]
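
The slides give the address construction only as a schematic (XX:IPv4:port::/64). As an added example that is not part of the original deck, the Python below assumes the RFC 4380 Teredo layout (2001::/32 prefix, server IPv4, flags, inverted mapped port, inverted mapped IPv4) to build and decode such addresses, so the NAT-mapped IPv4 endpoint can be recovered from a Teredo address seen in logs. Function names and sample addresses are constructed for illustration.

```python
import ipaddress

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # RFC 4380 service prefix


def encode_teredo(server, mapped_addr, mapped_port, flags=0x0000):
    """Build the Teredo IPv6 address for a client behind a NAT."""
    server_bits = int(ipaddress.IPv4Address(server))
    # The mapped port and address are stored inverted so that NATs which
    # rewrite embedded copies of their own address do not corrupt them.
    port_bits = mapped_port ^ 0xFFFF
    addr_bits = int(ipaddress.IPv4Address(mapped_addr)) ^ 0xFFFFFFFF
    value = ((0x20010000 << 96) | (server_bits << 64) | (flags << 48)
             | (port_bits << 32) | addr_bits)
    return ipaddress.IPv6Address(value)


def decode_teredo(address):
    """Return the fields embedded in a Teredo address, or None if not Teredo."""
    addr = ipaddress.IPv6Address(address)
    if addr not in TEREDO_PREFIX:
        return None
    value = int(addr)
    return {
        "server": str(ipaddress.IPv4Address((value >> 64) & 0xFFFFFFFF)),
        "flags": (value >> 48) & 0xFFFF,
        "mapped_port": ((value >> 32) & 0xFFFF) ^ 0xFFFF,
        "mapped_addr": str(ipaddress.IPv4Address((value & 0xFFFFFFFF) ^ 0xFFFFFFFF)),
    }


def teredo_endpoints(addresses):
    """Map each Teredo address in a list to its external IPv4 endpoint."""
    found = {}
    for text in addresses:
        fields = decode_teredo(text)
        if fields:
            found[text] = (fields["mapped_addr"], fields["mapped_port"])
    return found


# Constructed sample: documentation-range IPv4 addresses, port 40000.
SAMPLE = str(encode_teredo("192.0.2.1", "203.0.113.7", 40000))

if __name__ == "__main__":
    print(SAMPLE, decode_teredo(SAMPLE))
    print(teredo_endpoints([SAMPLE, "2001:db8::1", "fe80::1"]))
```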

The Internet is Big
Goal
One billion active nodes in active P2P systems
Example: Peer Name Resolution Protocol (PNRP), specialized DHT for serverless name resolution
Challenge
Internet impact is potentially huge
One billion nodes, each at 1 bps sent inefficiently…
“Small beta”: Millions…

Questions
Correctness
Are there bugs?
Will it scale and work in complex network topologies?
Have we introduced regressions?
Characterization
How much client / router bandwidth will it use?
How much backbone bandwidth will it use?
How long does an operation take?
Can we make it better?

WiDS is Distributed Simulation
[Diagram labels: WiDS; Master; Controller; Slave1, Slave2, SlaveN; Agent; Node 1, Node 2, Node N]

Simulation
Design and implementation
Discovered protocol behaviors that only become visible at scale
Found implementation crashes and race conditions that only occur at scale
Deep understanding of bandwidth use
Background traffic
Active traffic
Testbed for optimizations
Security modeling and analysis
• 2 million nodes on 250 machines
• Internet latency maps
• Different node behaviors

What Can’t We Do (Yet)
Validate the entire real stack
Production code uses Winsock, not messages
Validate system behavior with complex network factors like Teredo
Integrate simulation with our automated test systems
Simulations are still slow

… but you have to work around it
Separate failed machines from run
Run goes on
Debug the failure off-line
Simulation-based testing and debugging process
Automate everything possible to minimize simulation run turnaround time and human error

Security
What’s wrong with this picture?
Is this better?
[Figures omitted; labels in each picture: 200, 800, 450, 500, 350]

Common P2P Attacks
Packet drops
Packet injection
Packet modification or mis-routing
Packet delay
Topological
Distributed
Anonymous
Mobile
At surface, like normal Internet behavior

Our Approach
Detailed threat modeling
Identify “resources” critical to system
Determine system entry points
Analyze impact and mitigations
Formal security analysis
Simulation
Penetration testing
Confirm mitigations

What Have We Learned?
Design security into the system core
PNRP names are cryptographically signed
Flower-petal rather than chained resolves
Check integrity of “leaf” nodes in routing tables
Shuffle neighbor links, create redundant routes
Link creation of value to network load
Validate system-critical resources
Aggressive use of randomization

P2P does not bring enough value (especially relative to the risk)!
I know how to deploy servers, why learn something new?
How do I control it?
How will I monitor it?
How can I provision my network?

What Have We Learned?
P2P adoption will be driven by legitimate applications that add end-user value
Enterprises and ISPs desire predictable network behavior
As with all things, P2P must be manageable
By policy within the enterprise
ISPs…
And… there remains much to do…

Call to Action
P2P research
Helps reduce Internet complexity
Robust and secure systems
How to balance security, usability, and performance
Help make adoption easier
Monitoring and control of P2P traffic, quality of service
Models for bandwidth, latency, and cost
Applications that bring P2P to the People

Resources
Web sites
Windows Peer-to-Peer Networking: www.microsoft.com/p2p
IPv6 and Teredo: www.microsoft.com/ipv6
Windows Vista SDK: windowssdk.msdn.microsoft.com (go to Networking->Network Communication)