Virtual Internet Research at the Postel Center

Jan 08, 2016

Source: PowerPoint (PPT) presentation; transcript follows.
Transcript
Page 1: Virtual Internet Research at the Postel Center

Joe Touch, USC/ISI, January 2004

Virtual Internet Research at the Postel Center

Joe Touch
Postel Center
Computer Networks Division
USC/ISI

Page 2: Outline

- VIs: definition & architecture
- Using VIs:
  - X-Bone – deploying VIs
  - DynaBone – multilayer VIs for fault tolerance, security, and performance
- Supporting VIs:
  - NetFS – OS support for VIs
  - DataRouter – app.-directed net-layer forwarding

Page 3: VI Definition

- VI is a network composed of: virt. hosts, virt. routers, virt. links (tunnels)
- Provides at least the same services as IA, in a virtual context
- First-principles extension
  - More than a patch
  - More than interim

Page 4: Motivation

- Unified, consistent virtual architecture: VPNs, overlay nets, peer nets
- Incremental deployment of new services
- Ongoing experiments
  - Topology-based services: DHTs, geographic forwarding [GeoNet], string-rewriter forwarding [DataRouter]
  - Layer-based services: contained dynamic routing, fault tolerance (FEC), security (traffic hiding), multi-algorithm [DynaBone], Plutarch’s subnet composition

Page 5: Extra Constraints

- Internet-like: routing (link up) vs. provisioning (link add)
- …one header to bind them all… (use IP, provide IP recursion)
- Complete E2E system: all VNs are E2E
- VN “Turing Test”: a net can’t tell it’s virtual
- Use existing protocols, OSs, apps.

Page 6: Principles

- TENET 1. Internet-like: VIs = VRs + VHs + tunnels (emulating the Internet)
- TENET 2. All-virtual: decoupled from their base network
- TENET 3. Recursion-as-router: some VRs are VI networks

Page 7: Recursion-as-Router

- Hierarchy w/ connected sub-overlays
- Sub-overlays look like routers

[Figure: base network, primary overlay above it, and sub-overlays Sub-1 and Sub-2 that appear as routers of the primary overlay]

Page 8: Corollaries

- Behavior: VH adds/deletes headers; VRs transit (constant # headers)
- Structure: VIs support concurrence; VIs support revisitation
- Each VI has own names, addresses; address indicates overlay context

Page 9: Detailed Architecture

- Components:
  - VH: hidden router
  - VL: 2 layers (strong link, weak net)
  - VR: partitioned forwarding
- Capabilities:
  - Revisitation: multihoming
  - Recursion: router as network, BARP
- RUNNING CODE (FreeBSD, Linux, Cisco)

Page 10: Architecture Use: New Concepts

- Recursion, revisitation
- BARP
- Service to deploy & manage VIs
- Language for describing VIs

[Figure: control/deployment plane above the network]

Page 11: More Concepts: Service Composition

- Compose: X-Bone, DTN, Plutarch
- Alternate: DynaBone, Control Plane, FEC, Boosters

[Figure: composition shown as base network, primary overlay, Sub-1 and Sub-2; alternation shown as base network, outerlay, and parallel Sub-1, Sub-2, Sub-3]

Page 12: More Architecture Uses: Correct/Explain Anomalies

- Multihoming: phantom router in all hosts; input context for forwarding/binding
- Revisitation: two-level tunnels; input context sets
- IPsec tunnel mode & dynamic routing

Page 13: Typical Q’s

- Why not VPNs/peer, etc.? Most net-level are incremental, partial, etc.; app.-level recapitulates network & won’t compose
- Isn’t this more complex? AS-like management encapsulation (multi-level); can make application view simpler (per-app. networks)
- Isn’t this suboptimal/non-diverse? So is VM; like VM, OOB info. & direct measurements can help; layering implies increasing coarseness
- Wasn’t this done in (X) before? VIA is uniform, consistent, & implemented
- What’s so hard? See “uses” & “anomalies”

Page 14: Performance Impact

- 1/N performance

[Figure: Kpkts/sec (0 to 200) vs. number of encapsulations (1, 10, 100); series for Netgraph and GIF, host-host and host-router-host]

Page 15: Prior & Related Work

- Service/new protocols: Cronus, M/6/Q/A-Bone
- Multi/other layer: Cronus, Supranet, MorphNet, VANs
- Partial: VPN, VNS, RON, Detour, PPVPN, SOS
- Virtualization, revisitation, recursion: X-Bone, Spawning, DynaBone, NetFS, Netlab

Page 16: VI Analogy to VM

- Protection: for concurrency, separation
- Simpler configuration: run over simpler topologies
- Decouple from physical: emulate larger/different nets
- Automation: generic, external mechanism

Page 17: Why 2 Layers?

- Network: E2E IDs, routing
- Link: ICMP, ARP, forwarding
- Reasons:
  - Revisitation
  - Separate link-layer IPsec keys
  - Allows separate interfaces – thus dynamic routing
- Issues:
  - Overlap for efficiency
  - Strong vs. weak

[Figure: strong link vs. weak link between X and Y, each drawn with a "to Y" path]

Page 18: X-Bone

[Figure: X-Bone system with Web GUI and xd GUI, Overlay Managers, Resource Daemons on hosts and routers, and automated link monitoring; multiple views of hosts A, B, C, D: base IPv4 network, ring overlay (ring-ovl), and star overlay (star-ovl)]

Page 19: The X-Bone is…

- A system for automated overlay deployment
  - Among a closed set of trusted hosts and routers
  - Provides coordination, configuration, management
  - Many details are plug-replaceable
- New tricks for overlays (use of overlays)
  - Overlays on overlays on overlays on …
  - Fault tolerance, service deployment
  - Member in multiple overlays, in single multiple times
- New tricks for old dogs (extend net arch.)
  - Use existing stacks and applications

Page 20: What We Don’t Do…

- Optimize the overlay topology
  - We use a plug-in module (AI folk can provide)
  - It requires network status (emerging now)
- Fault tolerance only via ground truth (admin. issue)
  - X-Bone is capability more than performance (now)
- Non-IP overlays
  - IP is the interoperability layer
  - IP recurses / stacks nicely

Page 21: Creating a Ring Ovl.

[Figure: overlay manager (OM) issues a request and receives a result; a ring overlay is built over the Internet among the hosts isipc2, eql, udel, seccos, div, sin, bbn]

Page 22: Potential Uses

- Test new protocols: test denial-of-service solutions
- Deploy new services incrementally: dynamic routing, proxylets, security
- Increase lab & testbed utility: overlapping nets, add delay & loss
- Scale to 10,000 nodes: simplify view of topology
- Support fault tolerance: added level of recovery

Page 23: Features

- Secure: X.509 certs, SSL control, ACLs
- Resilient: heartbeats with auto-dismantle; crash recovery/restore; detects/avoids replays; idempotent actions w/ rollback
- Overlay features: Dummynet, IPsec
- Application deployment: ABone; Squid proxy system (U. Catalonia); PlanetLab-like slice of vservers

Page 24: Recent Additions

- In 3.0 (1/2004): IPv6; dynamic DNS/DNSsec; Cisco via buddy host; Zebra dynamic routing; user-specified topology; XML-based API
- Coming soon: revisitation (using network stacks); recursion

Page 25: Architecture Issues

- Core (PP) VPNs need stub assistance
  - All transport is E2E
  - Inject routes via BGP/RIP or redirect default
  - Often assumes one VPN
- Boundary control
  - Typical VPN: O(N) tunnels & routes / O(N) firewall rules
  - Separate routing and firewalls: O(1) routes / O(N) firewall rules
  - Firewall via groups: O(1) routes / O(1) firewall rules

Page 26: Relation to:

- NetLab (net EmuLab): focuses on L2-VPNs; incorporating X-Bone concepts: revisitation, IPsec tun over IPIP/GRE
- PlanetLab: focuses on OS; primitive networking; reinventing net. configuration mech.

Page 27: Availability (and not)…

- http://www.isi.edu/xbone
- Platforms:
  - FreeBSD 4.x/5.x (IPv4/6 IPsec)
  - Linux RedHat (IPv4/IPsec only)
  - Cisco via buddy host (IPv4 IPsec, IPv6)
  - Under development/test: NetBSD (tested only); MacOS X (prelim. testing)
- Platforms not capable of VIs: Windows 2K/XP; Linux FreeS/WAN; Vxworks, Janos; PlanetLab inside vserver

Page 28: DynaBone

Spread-Spectrum Multilayer Internet Overlays

[Figure: an outerlay over parallel innerlays on the base network; innerlays labelled 3DES encrypt / Linkstate, RC5 encrypt / RIP, and several MD5 auth / static; PRM and XPRM modules]

Page 29: Goals

- Auto platform for spread-spectrum
  - Architecture in which to use … (see BASF)
  - Closed-group communication: E2E, E2(gateway), etc.
  - Enable multilayer defense (IP addr, SPI, decrypts)
- Platform for muggles
  - Transparent to applications, protocols, OS’s
  - Auto-deploy

Page 30: DynaBone via X-Bones

- Parallel innerlays
- Coordinate use via PRMs

[Figure: base network, outerlay, and parallel innerlays Sub-1, Sub-2, Sub-3]

Page 31: Layered Overlays

- Innerlays: a network you can gracefully disconnect; attacker-like parallelism as a defense
- Outerlay: hides the innerlays from OS, applications; allows transparent restoration
- Automated deployment via X-Bone: user deployed, trans-AS, no new protocols; integrates heterogeneous net-level security

Page 32: PRM Detail

[Figure: PRM components: Mux (per packet? per TCP?), Demux (reorder? drop dups?), and Monitor (inject/measure; DDOS attack detection; performance metrics via pathchar)]

Page 33: Monitor & Control GUI

Page 34: NetGraph PRM Module

- Control paths: /data [format], /policy(?value), /stop?innerlay, /go?innerlay

[Figure: PRM module with MUX (policies RR, SS, Rand, Copy), IFACE API, BARP, Web, and B-table]

Page 35: PRM Performance

[Figure: percentage (0% to 100%) vs. rate on a log scale (1 to 10000), in Gbps and Kpps]

Page 36: NetFS File System

[Figure: NetFS directory tree, reconstructed from the slide labels]

/netfs
  iface/
    fxp0/
      default/   addr 10.0.0.1   mask 255.0.0.0
      alias1/
      alias2/
    lo/
  route/
    default/
    10/        addr 10.3.0.0   mask 255.255.0.0
  ipfw/
  proto/
    ether/
    ip/
      tcp/     25  26
      udp/
      ipsec/

Page 37: Goals

- Simple, standard interface: across different OS’s; file system API and semantics
- Fine-grained security: user, group, world, etc.; per instance of each resource
- Context-dependent views: limits “ifconfig –a” response

Page 38: Intertwined Control

[Figure: interfaces, routes and communication channels are today controlled through an intertwined set of APIs (Socket API, sockopt, ioctl, sysctl, in-band API), contrasted with the single NetFS file API]

Page 39: Per-process Context

[Figure: the global /netfs tree (iface, route) beside per-process ~netfs views for Process A and Process B, each seeing only its own iface and route entries (A, B; X, Y, Z)]

Page 40: Related Work

- Linux’s /procfs: processes
- Jail (fbsd) & vserver (linux): limits root access to 1 IP addr per partition
- Plan 9’s /net: sockets
- FreeBSD extensions (underway): add naming (kernel hack) to interfaces

Page 41: DataRouter

[Figure: packet entries before rewriting (P isi.edu, S D1, bird, #55fea3) and after rewriting at D1 (#55fea3, P usc.edu, S D2, D1), forwarded D1, D2, D1; the rewrite rule applied is:]

s/(bird)(.*)(isi.edu)/(D2)($2)(usc.edu)/

Page 42: Motivation

- Application-level networks are ‘bad’: recapitulate the network layer; require additional E2E transport protocols; hard to compose
- Network-level overlays not enough: application-level info. is hidden; IP forwarding is not sufficient

Page 43: Goal = peer/DHT support:

- Useful: supports application-directed forwarding; enables composition/integration of app. svcs.
- Clean: avoids reinventing the network layer; avoids reinventing the transport layer
- Appropriate: forwards fast; supports IPsec; is somewhat safe

Page 44: DataRouter IS:

- Header = IP Loose Source Route: network layer option; works as an encapsulation header (à la IPsec)
- Entry = string: explicit application context; forwarding via string rewriting
- String maps to an (IP address, string’) pair

Page 45: DataRouter ISN’T:

- Routing protocol: IP doesn’t force OSPF, BGP, etc.
- Overlay configuration: IP doesn’t force particular topology

Page 46: Enabled Capabilities

- App. forwarding via network svc.
- Late-binding integration: one packet: TCP/SYN w/ Google as DR, then Google, DNS, IP
- Anycast services: first DR hop = anycast server; further hops added by appending

Page 47: Quick FAQ:

- This is forwarding; who does routing? Application that would have done forwarding (Chord, CAN, Napster, Google, DNS)
- Can transport handle unbound dests? Use HIP to decouple TCP/UDP from IP
- What is the API? DR strings via SOCKOPT; forwarding entries via droute command
- Why use REs? Sufficient, efficient, complete
- How does it avoid breaking E2E? By allowing E2E TCP
- Why use a LSR IP option? Integrates w/ existing ICMP, IPsec; allows ‘overlays’; transparent

Page 48: Example Uses

- All in a parsed string: Class:string metric:string; escape “:”; select largest metric

Class    | Match rule      | Example
DNS      | Longest suffix  | DNS Joe.com
URL      | Exact URL       | Joe.com/apple
Napster  | Exact MP3       | Hash(title)
Google   | Closest WebDB   | “Harry Potter movie”
IPv4     | Longest prefix  | IPv4 10.0.0.4
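The string-rewriting forwarding described on the DataRouter slides (the (IP address, string') mapping of page 44, the s/…/…/ rewrite rule of page 41, and the per-class match rules and "Class:string metric:string" format of page 48), as an added Python example that is not part of the presentation or of the DataRouter implementation. The forwarding table, the rule that match specificity is compared before the metric, and the $N back-reference convention in rewrite rules are assumptions made here.

```python
import ipaddress
import re

# Constructed forwarding table (not from the slides). Each entry maps a
# (class, key) to a next-hop IP address and an optional sed-style rewrite
# s/pattern/replacement/ ($N = group N) that produces string'. Among several
# matching entries the most specific match wins, then the largest metric
# (an assumed ordering; the slide only says "select largest metric").
TABLE = [
    # class,  key,              metric, next hop,   rewrite
    ("DNS",   "isi.edu",        10,     "10.0.0.1", r"s/^(.*)(isi\.edu)$/$1usc.edu/"),
    ("DNS",   "edu",             1,     "10.0.0.2", None),
    ("URL",   "Joe.com/apple",   5,     "10.0.0.3", None),
    ("IPv4",  "10.0.0.0/8",      8,     "10.0.0.4", None),
    ("IPv4",  "10.3.0.0/16",    16,     "10.0.0.5", None),
]

def parse_dr_string(s):
    """Parse 'Class:string metric:string' fields; a literal colon is escaped as \\:."""
    fields = {}
    for tok in s.split():
        key, val = re.split(r"(?<!\\):", tok, maxsplit=1)   # split on unescaped ':'
        fields[key] = val.replace("\\:", ":")
    return fields

def match_score(cls, key, value):
    """Specificity of a table entry for value under the class's rule, or None."""
    if cls == "DNS":                        # longest suffix, on a label boundary
        if value == key or value.endswith("." + key):
            return len(key)
    elif cls == "IPv4":                     # longest prefix
        net = ipaddress.ip_network(key)
        if ipaddress.ip_address(value) in net:
            return net.prefixlen
    elif cls in ("URL", "Napster"):         # exact match
        if value == key:
            return 1
    return None                             # "closest WebDB" needs a database; not modelled

def apply_sed(rule, text):
    """Apply s/pattern/replacement/ with $N back-references ('/' not allowed inside)."""
    _, pattern, repl, _ = rule.split("/")
    return re.sub(pattern, re.sub(r"\$(\d+)", r"\\g<\1>", repl), text)

def lookup(dr_string):
    """Forward one DR string: return the (next-hop IP, rewritten string) pair or None."""
    fields = parse_dr_string(dr_string)
    cls, value = next((k, v) for k, v in fields.items() if k != "metric")
    best = None
    for ecls, key, metric, next_hop, rewrite in TABLE:
        score = match_score(cls, key, value) if ecls == cls else None
        if score is not None and (best is None or (score, metric) > best[:2]):
            best = (score, metric, next_hop, rewrite)
    if best is None:
        return None                         # no entry: not forwarded
    _, _, next_hop, rewrite = best
    new_value = apply_sed(rewrite, value) if rewrite else value
    return next_hop, f"{cls}:{new_value.replace(':', chr(92) + ':')}"
```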

Page 49: Related Work

- Application-directed forwarding: DHTs, web proxies… Google, DNS
- Alternate network forwarding: dbase index [Carzaniga03]; Linda [Carriero86]; data manipulation lang. [Chandranmenon95]; Catanet, TRIAD, I3, IPNL, Heaps, Net Ptrs…

Page 50: Performance

[Figure: K packets/sec (0 to 400) for IP/reg, IP/RER, Hash/RER and RE/RER, over UDP and TCP]

Page 51: TetherNet

- Complete Internet IP connectivity
- Works behind NATs
- Works behind short-lease DHCP

Page 52: Subnet Rental

Page 53: Optical Internets

- Optical recapitulates electronic: WDM = VCs; burst switching = MPLS/label switching; jump ahead to packet-based
- Router: queue-free architecture; forwarding via partial filters; TTL decrement; IP checksum
- LAN protocols: OCDMA MAC design

Page 54: Forward via Filters

- Bit-subset groups share next-hops
- Remainder to helper router

[Figure: input bits “1” “1” “0” “1”; the “1” bits correlator ANDs the input with the filter (threshold = 3, R = 0%) to signal MATCH; the “0” bits correlator (threshold = 0) feeds a NOT; outputs Match = ‘high’ / Match = ‘low’]

Page 55: TTL Decrementer

- LSB-first: invert until 1
- Stop @ 1st “1” (delete if no “1”)

[Figure: two-stage optical circuit under electronic control: 10 Gbit/s NRZ signal inversion with SOA (CW) and MOD, PD detecting “data” / “databar”, D flip-flop (D, Q), PPLN modulators (MODp), TTL start; packet out w/ updated TTL]

Page 56: Internet Checksum

- Serial 1-bit full-adder

[Figure: full adder with inputs Xi, Yi and carry-in Ci, outputs S and carry-out Co; feedback through k1*16 bit and k2*16 bit delays]
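The three bit-serial router functions of pages 54 to 56 (filter forwarding with “1”-bit and “0”-bit correlators, the LSB-first TTL decrement, and the checksum as a serial full adder with a fed-back carry) modelled in software, as an added Python example that is not part of the presentation or of the optical hardware it describes. The filter table and the sample words are constructed; the bit-position convention (bit 0 = LSB) is an assumption.

```python
def forward_via_filters(addr, filters):
    """Bit-subset filter forwarding (page 54); the remainder goes to the helper.

    Each filter is (ones, zeros, next_hop): positions that must be 1 (the AND
    correlator, threshold = number of such bits) and positions that must be 0
    (the NOT correlator, threshold 0).  Bit 0 is the LSB (assumed here).
    """
    for ones, zeros, next_hop in filters:
        hits = sum((addr >> b) & 1 for b in ones)            # correlator count
        if hits == len(ones) and not any((addr >> b) & 1 for b in zeros):
            return next_hop
    return "helper"                                           # helper router

def ttl_decrement(ttl, width=8):
    """LSB-first decrement (page 55): invert bits up to and including the first 1.

    A TTL with no 1 bit is already 0, so the packet is deleted (returns None).
    """
    for b in range(width):
        if (ttl >> b) & 1:
            return ttl ^ ((1 << (b + 1)) - 1)                 # flip bits 0..b
    return None

def full_adder(x, y, c):
    """One-bit full adder: returns (sum, carry out)."""
    return x ^ y ^ c, (x & y) | (x & c) | (y & c)

def serial_ones_complement_sum(words):
    """Page 56's serial 1-bit full adder over 16-bit words, LSB first.

    The carry out of bit 15 is delayed and fed back into bit 0 of the next
    word (the end-around carry); any carry left at the end is folded in.
    """
    acc, carry = 0, 0
    for w in words:
        s = 0
        for b in range(16):
            bit, carry = full_adder((acc >> b) & 1, (w >> b) & 1, carry)
            s |= bit << b
        acc = s
    total = acc + carry
    return (total & 0xFFFF) + (total >> 16)

def internet_checksum(data):
    """Internet checksum of a byte string: complement of the one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"                                       # pad odd length
    words = [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]
    return ~serial_ones_complement_sum(words) & 0xFFFF

# Constructed sample: the slide's "1 1 0 1" input against one filter that needs
# bits 3, 2 and 0 set (threshold 3) and bit 1 clear.
SAMPLE_FILTERS = [([3, 2, 0], [1], "router-A")]
```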

Page 57: http://www.isi.edu/xbone

- Greg Finn, Steve Hotz, Amy Hughes, Lars Eggert, YuShun Wang, Nimish Kasat, Osama Dosary, Ankur Sheth, Shitanshu Shah, Wei-Chun Chou, Stephen Suryaputra, Savas Guven
- dynabone: Venkata Pingali, Runfang Zhou
- netfs: Josh Train
- (datarouter): Venkata Pingali
- tethernet: Lars Eggert, YuShun Wang
- pow / ocdma: Joseph Bannister, Puroshutham Kamath, Michelle Hauer, Dinez Gurkin, John McGeehan