4/10/2010
Networking Named Content
Van Jacobson, Diana K. Smetters, James D. Thornton, Michael F. Plass, Nicholas H. Briggs, Rebecca L. Braynard
March 26, 2010
Presented by Jaeyoun Kim for the CS 395T course
Contents
1. Introduction
2. CCN Node Model
3. Transport
4. Routing
5. Content‐Based Security
6. Evaluation
7. Conclusions
Introduction
• Principles and architecture of today's Internet
– Created in the 1960s‐1970s
– Goal: resource sharing (computers, disk drives, etc.)
– Model: a conversation between two machines (source and destination)
• The Internet has changed
– 500 exabytes (500 x 10^18 bytes) of content created in 2009
– People are interested in "what" content is, not "where" it is
– This is incompatible with the current, host‐centric Internet architecture
Introduction (cont.)
• Issues with today's Internet model
– Availability: requires pre‐planned, application‐specific mechanisms
– Security: trust in content is easily misplaced (trust is tied to the connection, not to the content)
– Location dependence: mapping content to host locations complicates configuration and implementation
• Direct solution: replace "where" with "what"
Content‐Centric Networking (CCN)
• Create a simple, universal, flexible communication architecture that:
– Matches today's communication problems
– Matches today's application design patterns
– Is at least as scalable and efficient as TCP/IP
– Is much more secure
– Requires far less configuration
TCP/IP and CCN Protocol Stacks
• Replace packets with Data Objects or Interests
• Replace Addresses with Names of Objects
TCP/IP and CCN Protocol Stacks (cont.)
• Strategy layer
– Exploits multiple kinds of connectivity under changing conditions; this is possible because CCN's relationship with layer 2 is simpler than IP's
– Makes the fine‐grained, dynamic forwarding choices (which face to use, when to retry)
• Security layer
– Secures the content itself rather than the connection, avoiding host‐based vulnerabilities
CCN Node Model – Two Packet Types
• Interest (similar to an HTTP GET) and Data (similar to an HTTP response)
CCN Node Model Overview
• A consumer broadcasts its Interest over all available connectivity
• Data is transmitted only in response to an Interest, and consumes that Interest
• Data satisfies an Interest if the ContentName in the Interest is a prefix of the ContentName in the Data
CCN Names
• Opaque, structured byte strings: a component count, then, for each component, a byte count followed by that many bytes
/parc.com/videos/WidgetA.mpg/_v<timestamp>/_s3
• "Longest match" lookups (similar to IP prefix lookups)
– http://example.com/videos/a.mpg "matches" http://example.com/videos/a.mpg/v3 (the Interest name is a prefix of the Data name)
• Lookup is as efficient as IP's: a ContentName (or any prefix of it) can be hashed, just like an IP prefix
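An added example (not from the paper or the CCNx project) of the name format and the two lookups described above. The slide fixes the layout (a component count, then a length‐prefixed byte string per component) but not the field widths; this code assumes 2‐byte big‐endian unsigned counts, and the FIB it searches is a plain dictionary keyed by name prefix, which is what makes the longest‐match lookup a hash lookup.

```python
"""Added example (not the paper's code): CCN name encoding and longest-prefix
lookup. Assumption: counts and component lengths are 2-byte big-endian."""
import struct
from typing import Dict, List, Tuple

Name = Tuple[bytes, ...]


def parse_name(text: str) -> Name:
    """Turn a printable name such as /parc.com/videos/a.mpg into components."""
    return tuple(c.encode() for c in text.split("/") if c)


def encode_name(name: Name) -> bytes:
    """Wire form: component count, then (byte count, bytes) for each component."""
    out = struct.pack(">H", len(name))
    for comp in name:
        out += struct.pack(">H", len(comp)) + comp
    return out


def decode_name(blob: bytes) -> Name:
    """Inverse of encode_name; rejects truncated or over-long input."""
    if len(blob) < 2:
        raise ValueError("missing component count")
    (count,) = struct.unpack_from(">H", blob, 0)
    pos, comps = 2, []
    for _ in range(count):
        if pos + 2 > len(blob):
            raise ValueError("truncated component length")
        (n,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if pos + n > len(blob):
            raise ValueError("truncated component")  # never trust a declared length
        comps.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing bytes after name")
    return tuple(comps)


def is_prefix(interest_name: Name, data_name: Name) -> bool:
    """Data satisfies an Interest whose name is a prefix of the Data's name."""
    return data_name[:len(interest_name)] == interest_name


def longest_match(fib: Dict[Name, List[int]], name: Name):
    """IP-style longest-prefix lookup; each candidate prefix is a hash key.

    Returns (matching prefix, faces) or (None, [])."""
    for k in range(len(name), -1, -1):
        faces = fib.get(name[:k])
        if faces:
            return name[:k], faces
    return None, []
```

The decoder checks every declared length against the remaining input before slicing; a parser that trusts the byte counts is the classic way a length‐prefixed format becomes an out‐of‐bounds read.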
CCN Forwarding Engine – Diagram (figure not reproduced in this transcript)
Three Data Structures
1. Forwarding Information Base (FIB): a table of destinations for Interests. Identical to an IP FIB except that each entry holds a list of output faces rather than a single next hop, because content can have multiple sources
2. Content Store (CS): the same buffer memory an IP router has, but with a different replacement policy (LRU or LFU), because buffered Data can satisfy later Interests
3. Pending Interest Table (PIT): a table of the sources (faces) of Interests that have been forwarded but not yet satisfied
CCN Forwarding Engine Operation (figure not reproduced in this transcript)
• Interest arrives: look up the Content Store first (return the Data if it is present), then the PIT (if the same name is already pending, just add the arriving face), then the FIB (forward on the matching output faces and create a PIT entry)
• Data arrives: look up the PIT, forward the Data to every face waiting for it, consume the PIT entry, and keep a copy in the Content Store; Data with no pending Interest is discarded
Transport
• Designed to operate on unreliable packet delivery services (e.g. mobile links)
• Data senders are stateless; the final consumers keep track of their unsatisfied Interests and re‐express them after a timeout
• Data cannot loop (it only follows PIT state back toward the requesters), but an Interest can; each Interest carries a random nonce so that a looped duplicate can be detected and discarded
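The node model, the three data structures and the nonce check above, as an added example (not the paper's or CCNx's code). Names are tuples of components and faces are integers; the CS is a small LRU, and the set of (name, nonce) pairs already forwarded is unbounded here, which a real node would age out with a timer.

```python
"""Added example (not the paper's code): a minimal CCN forwarding engine."""
from collections import OrderedDict


class CCNNode:
    """Interest/Data processing with a Content Store, PIT and FIB."""

    def __init__(self, cs_capacity=4):
        self.cs = OrderedDict()      # data name -> content, in LRU order
        self.cs_capacity = cs_capacity
        self.pit = {}                # interest name -> set of faces waiting for it
        self.fib = {}                # name prefix -> list of output faces
        self.seen = set()            # (name, nonce) pairs already forwarded

    def add_route(self, prefix, face):
        self.fib.setdefault(prefix, []).append(face)

    def _lookup_fib(self, name):
        for k in range(len(name), -1, -1):          # longest match first
            faces = self.fib.get(name[:k])
            if faces:
                return faces
        return []

    def on_interest(self, name, nonce, in_face):
        """Return the packets to emit as (face, kind, payload) tuples."""
        for data_name, content in self.cs.items():
            if data_name[:len(name)] == name:       # Interest name is a prefix of Data name
                self.cs.move_to_end(data_name)      # LRU touch
                return [(in_face, "data", (data_name, content))]
        if (name, nonce) in self.seen:              # the same Interest came back: a loop
            return []
        self.seen.add((name, nonce))
        if name in self.pit:                        # already requested upstream: aggregate
            self.pit[name].add(in_face)
            return []
        out_faces = [f for f in self._lookup_fib(name) if f != in_face]
        if not out_faces:
            return []                               # no route: drop
        self.pit[name] = {in_face}
        return [(f, "interest", (name, nonce)) for f in out_faces]

    def on_data(self, name, content, in_face):
        waiting = set()
        for iname in [n for n in self.pit if name[:len(n)] == n]:
            waiting |= self.pit.pop(iname)          # Data consumes the pending Interest(s)
        if not waiting:
            return []                               # unsolicited Data: discard
        self.cs[name] = content
        self.cs.move_to_end(name)
        if len(self.cs) > self.cs_capacity:
            self.cs.popitem(last=False)             # evict least recently used
        return [(f, "data", (name, content)) for f in sorted(waiting) if f != in_face]
```

Two consequences of the lookup order are worth noticing: a second Interest for a pending name with a different nonce is aggregated and never leaves the node, and the looped copy (same nonce) is dropped before it can add the looping face to the PIT, so Data is never sent back around the loop.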
Transport – Reliability and Flow Control
• One Interest retrieves at most one Data packet; this ensures flow balance and allows for efficient communication
• It is possible to overlap Data and requests by keeping several Interests outstanding (the same role as a TCP window)
• No need for additional techniques to control congestion in the middle of a path: all communication is local, and flow balance is maintained over each hop
Transport – Sequencing
• Use hierarchical, aggregatable names to locate and share data
• Reflect some organizational structure of their origin
Transport – Sequencing (cont.)
• The name of the next Data is mostly not known in advance, so the Interest specifies it relative to something whose name is known
• The CCN name tree is totally ordered, so "next" or "previous" can be interpreted without any knowledge of name semantics
• Example: an Interest for /parc.com/videos/WidgetA.mpg with the RightmostChild selector retrieves the highest‐ordered child (the newest version); from a known segment, LeftmostRightSibling retrieves the next one, or the consumer simply asks for _s1, since the segmentation rules are known (and determined) by the application
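The consumer side of the three transport slides above (one Interest per Data, a window of outstanding Interests, consumer‐driven retransmission, and "next" derived as _s<n+1>), as an added example that is not the paper's code. The producer is an in‐process stand‐in with a constructed, deterministic loss pattern; that it returns the index of the final segment with each Data is an assumption about how the application marks the end of the object.

```python
"""Added example (not the paper's code): a pipelining CCN consumer over a
simulated lossy producer."""


class SimulatedProducer:
    def __init__(self, segments, drop_every=5):
        self.segments = segments
        self.drop_every = drop_every
        self.attempts = {}
        self.interests_seen = 0

    def serve(self, name):
        """Answer one Interest with one Data (or None when the packet is lost)."""
        self.interests_seen += 1
        seg = int(name.rsplit("/_s", 1)[1])
        if seg >= len(self.segments):
            return None                                # no such segment: the Interest times out
        n = self.attempts[seg] = self.attempts.get(seg, 0) + 1
        if n == 1 and seg % self.drop_every == 0:
            return None                                # constructed loss: first try of every 5th segment
        return self.segments[seg], len(self.segments) - 1


def fetch(prefix, producer, window=4):
    """Keep up to `window` Interests outstanding; one Interest yields at most one Data."""
    received, outstanding = {}, {}     # seg -> payload, seg -> retransmissions so far
    next_seg, last, retransmits = 0, None, 0
    while last is None or len(received) <= last:
        while len(outstanding) < window and (last is None or next_seg <= last):
            outstanding[next_seg] = 0  # express the Interest for the next derivable name
            next_seg += 1
        for seg in sorted(outstanding):
            resp = producer.serve(f"{prefix}/_s{seg}")
            if resp is None:           # timeout: the consumer, not the network, retries
                outstanding[seg] += 1
                retransmits += 1
                continue
            payload, last = resp
            received[seg] = payload
            del outstanding[seg]
        if last is not None:           # cancel speculative Interests past the final segment
            outstanding = {s: r for s, r in outstanding.items() if s <= last}
    return {"data": b"".join(received[i] for i in range(last + 1)),
            "retransmits": retransmits, "interests_sent": producer.interests_seen}
```

With 12 segments and a window of 4, the producer sees exactly 12 + 3 Interests: one per segment plus one re‐expression for each of the three first attempts the constructed loss pattern drops, which is the flow balance the slides describe.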
Rich Connectivity, Mobility and Strategy
• Forwarding choices (example)
– Actions: sendToAll, sendToBest, markAsBest
– Triggers: interestSatisfied, interestTimeout
– Attributes: broadcastCapable, isContentRouter
• Default strategy
– Send an Interest on all broadcastCapable faces
– If there is no response, try the other faces in sequence
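The default strategy written out as a small state machine over the actions and triggers listed above, as an added example (not the paper's code). The face names and their broadcastCapable attributes are constructed; the paper's strategy layer makes these choices per prefix, which is the granularity used here.

```python
"""Added example (not the paper's code): per-prefix forwarding strategy."""


class Strategy:
    def __init__(self, faces):
        """faces: dict of face id -> attributes, e.g. {"broadcastCapable": True}."""
        self.faces = faces
        self.best = {}    # prefix -> face that last satisfied an Interest (markAsBest)
        self.tried = {}   # prefix -> faces already tried in the current search

    def choose(self, prefix):
        """Faces on which to send the next Interest under `prefix`."""
        if prefix in self.best:
            return [self.best[prefix]]                      # sendToBest
        if prefix not in self.tried:
            broadcast = [f for f, a in self.faces.items() if a.get("broadcastCapable")]
            self.tried[prefix] = set(broadcast)
            if broadcast:
                return broadcast                            # sendToAll on broadcast-capable faces
        remaining = [f for f in self.faces if f not in self.tried[prefix]]
        if not remaining:
            del self.tried[prefix]                          # every face failed; start over next time
            return []
        self.tried[prefix].add(remaining[0])
        return [remaining[0]]                               # then the other faces, one at a time

    def interest_satisfied(self, prefix, face):
        self.best[prefix] = face                            # markAsBest
        self.tried.pop(prefix, None)

    def interest_timeout(self, prefix, face):
        if self.best.get(prefix) == face:
            del self.best[prefix]                           # the preferred face stopped answering
```

The timeout handler only forgets a face that had been marked best; timeouts during the search phase are already accounted for by the tried set, so the next choose() call moves on to the next untried face.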
CCN and Internet Routing
• Embedding CCN in existing Internet routing
– The CCN forwarding model is a superset of the IP model, with fewer restrictions
– Allows for immediate, incremental deployment
– Almost automatic protection of the routing infrastructure
Intra‐Domain Routing
• IP and CCN forwarding are almost identical; only the prefixes differ
• Expressing CCN prefixes: the TLV (Type‐Length‐Value) options of OSPF or IS‐IS can carry CCN content prefixes
• No modification to the routing protocols is necessary, so CCN Interest/Data forwarding can be built on the existing infrastructure
Intra‐Domain Routing (cont.)
Example (the figure's FIB labels reconstructed as a table): an Interest for /parc.com/media/art/history.mp4 enters a domain with content routers A, B, E, F and repositories R1, R2. Each FIB line is read as router, prefix, output face, and what that face reaches.

Router  Prefix                Face  Reaches
A       /parc.com/media       3     B
A       /parc.com/media/art   1     R1
A       /parc.com/media/art   3     B
B       /parc.com/media       1     R2
B       /parc.com/media/art   1     R2
B       /parc.com/media/art   2     A
F       /parc.com/media       1     B
F       /parc.com/media/art   1     A, B
E       /parc.com/media       2     B
E       /parc.com/media/art   1     A, B

Because /parc.com/media/art has several output faces at several routers, the Interest is forwarded toward both R1 and R2. The figure marks where the second copy of the Data arrives ("2nd copy"): its pending Interest has already been consumed, so it is discarded (see the node model).
Inter‐Domain Routing
• CCN can be deployed in the existing BGP infrastructure and can reduce peering cost
• CCN‐supporting domains separated by non‐CCN ISPs
– Simplest approach: use the prefix in a DNS lookup to find the far domain; this does not work if the gap is not at the edges
– Fixable, because BGP has the equivalent of the IGP TLV mechanism and can carry CCN prefixes
• BGP AS‐path information lets each domain construct a topology map
Content‐Based Security
• Core design
– Protection and trust travel with the content itself, not with the connection it arrives over
– Content is authenticated with digital signatures
– Private content is protected with encryption
• Benefit: reduces the trust we must place in network intermediaries (routers and caches)
Content Validation
• CCN authenticates the binding between a name and its content, so no indirection infrastructure is needed to map names to keys
• CCN data is publicly authenticatable: signed CCN data contains the information needed to retrieve the public key (a key locator)
• Purely syntactic validation: the signature check only verifies that the content was signed by the key it purports to be signed by; whether that key should be trusted for that name is a separate decision
Managing Trust
• CCN's approach to trusting keys addresses the traditional key management problem (associating public keys with individuals and organizations)
– Easy to find a key: keys are named content, located by naming convention
– Publishing a key under a name effectively generates a certificate for it: the signed binding sign_publisher(name, key)
– Does not mandate a one‐size‐fits‐all trust model; trust is established between publishers and consumers
Trust Establishment
• Associating name spaces with public keys
– Authorization at one level of the content namespace is given by a signature from a key at a higher level
– Example: parc.com's key signs george's key (authorizing george), and george's key signs the key for his desktop computer
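The three security slides above (signed name/content bindings with a key locator, purely syntactic validation, and namespace‐based authorization walked up to a trust anchor), as one added example that is not the paper's or CCNx's code. CCN uses ordinary public‐key signatures; this example substitutes a hash‐based Lamport few‐time signature so it needs only the standard library, and the names, the "/KEY" naming convention and the anchor set are assumptions for illustration. The same check is what lets a consumer accept only content signed under a named publisher key, the countermeasure to the "hiding" attack later in the deck.

```python
"""Added example (not the paper's code): signed content objects, key retrieval
by name, and namespace-based key authorization (Lamport signatures stand in
for the public-key scheme CCN would use)."""
import hashlib
import os
import struct

LEAVES = 4  # signatures each key may make here; a leaf is never reused


def h(b):
    return hashlib.sha256(b).digest()


def keygen(n=LEAVES):
    """Return (secret, public); the secret is stateful so no leaf signs twice."""
    leaves = [[(os.urandom(32), os.urandom(32)) for _ in range(256)] for _ in range(n)]
    pub = b"".join(h(a) + h(b) for leaf in leaves for a, b in leaf)
    return {"leaves": leaves, "used": 0}, pub


def sign(sk, msg):
    i = sk["used"]
    if i >= len(sk["leaves"]):
        raise RuntimeError("key exhausted: reusing a Lamport leaf leaks it")
    sk["used"], d = i + 1, int.from_bytes(h(msg), "big")
    return bytes([i]) + b"".join(sk["leaves"][i][j][(d >> (255 - j)) & 1] for j in range(256))


def verify(pk, msg, sig):
    if len(sig) != 1 + 256 * 32 or len(pk) < (sig[0] + 1) * 256 * 64:
        return False
    d, base = int.from_bytes(h(msg), "big"), sig[0] * 256 * 64
    for j in range(256):
        off = base + j * 64 + ((d >> (255 - j)) & 1) * 32
        if h(sig[1 + j * 32:1 + (j + 1) * 32]) != pk[off:off + 32]:
            return False
    return True


def tbs(name, payload, key_locator):
    """Bytes the signature covers: the name/content binding plus the key locator."""
    fields = (name.encode(), key_locator.encode(), payload)
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def publish(name, payload, key_locator, sk):
    return {"name": name, "payload": payload, "key_locator": key_locator,
            "sig": sign(sk, tbs(name, payload, key_locator))}


def syntactic_ok(obj, pk):
    """Purely syntactic validation: signed by the key it claims, nothing more."""
    return verify(pk, tbs(obj["name"], obj["payload"], obj["key_locator"]), obj["sig"])


def authorized(obj, key_name):
    """A key named <ns>/KEY may sign content whose name lies under <ns>."""
    ns = key_name.rsplit("/", 1)[0]
    return obj["name"] == ns or obj["name"].startswith(ns + "/")


def trusted(obj, network, anchors, max_depth=8):
    """Walk key locators (keys are named, signed content fetched from `network`)
    up to a locally configured anchor, checking signature and namespace each hop."""
    seen, cur = set(), obj
    for _ in range(max_depth):
        kn = cur["key_locator"]
        if kn in anchors:
            return syntactic_ok(cur, anchors[kn]) and authorized(cur, kn)
        key_obj = network.get(kn)
        if kn in seen or key_obj is None or key_obj["name"] != kn:
            return False  # unknown key, or a self-certifying loop
        if not (syntactic_ok(cur, key_obj["payload"]) and authorized(cur, kn)):
            return False
        seen.add(kn)
        cur = key_obj
    return False


def build_scenario():
    """Constructed data: parc.com authorizes george, george authorizes his desktop."""
    root_sk, root_pk = keygen()
    george_sk, george_pk = keygen()
    desk_sk, desk_pk = keygen()
    evil_sk, evil_pk = keygen()
    network = {}
    for o in (publish("/parc.com/george/KEY", george_pk, "/parc.com/KEY", root_sk),
              publish("/parc.com/george/desktop/KEY", desk_pk, "/parc.com/george/KEY", george_sk),
              publish("/evil.com/KEY", evil_pk, "/evil.com/KEY", evil_sk)):
        network[o["name"]] = o
    note = publish("/parc.com/george/desktop/notes/_s0", b"meeting at 10",
                   "/parc.com/george/desktop/KEY", desk_sk)
    stray = publish("/parc.com/alice/memo", b"outside george's namespace",
                    "/parc.com/george/KEY", george_sk)
    forged = publish(note["name"], b"meeting cancelled", "/evil.com/KEY", evil_sk)
    tampered = dict(note, payload=b"meeting at 11")  # payload changed after signing
    return {"network": network, "anchors": {"/parc.com/KEY": root_pk}, "note": note,
            "stray": stray, "forged": forged, "tampered": tampered}
```

The forged note is syntactically valid (it really was signed by the key its locator names) and still fails trust establishment, because /evil.com/KEY is neither an anchor nor authorized for /parc.com/george/..., and its self‐referential key locator is caught by the cycle check rather than fetched forever.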
Content Protection and Access Control
• Encryption controls access
– Does not require trusted servers or directories
– Encryption of content is completely transparent to the network
• Naming conventions make the decryption key easy to find
Network Security and Policy Enforcement
• Possible attacks
– Hiding legitimate content: an attacker simply does not return an available later version
– Drowning it: preventing its delivery by overwhelming it in a sea of spurious packets
• Solution to hiding
– Consumers place constraints on the publishers whose content can satisfy their Interests, or
– specify the publisher (by public key) or a specific key in the Interest, so an attacker's content cannot satisfy it
Solutions to Flooding
• Data flooding
– Data is only forwarded where it consumes a pending Interest, so unsolicited Data is discarded at the first hop
• Interest flooding
– Aggregate multiple Interests for the same name in the PIT
– Check whether an Interest successfully retrieves Data
– Throttle the number of Interests downstream routers forward, by name prefix
– Use policy‐based routing (a content firewall)
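The second and third Interest‐flooding measures above (check whether Interests under a prefix actually retrieve Data, and throttle forwarding by name prefix) as an added example, not the paper's code. The prefix granularity (first name component), the pending limit, the sample size and the tolerated timeout fraction are all assumed values, and the flood scenario is constructed.

```python
"""Added example (not the paper's code): per-prefix Interest throttling."""
from collections import defaultdict


class PrefixThrottle:
    """Admission control for Interests forwarded toward an upstream face."""

    def __init__(self, prefix_len=1, max_pending=8, min_sample=10, max_unsat=0.5):
        self.prefix_len = prefix_len
        self.max_pending = max_pending      # outstanding Interests allowed per prefix
        self.min_sample = min_sample        # outcomes needed before judging a prefix
        self.max_unsat = max_unsat          # tolerated fraction of timed-out Interests
        self.stats = defaultdict(lambda: {"pending": 0, "satisfied": 0, "timeout": 0})

    def _key(self, name):
        return tuple(name[:self.prefix_len])

    def allow(self, name):
        """Decide whether to forward this Interest; records it as pending if so."""
        s = self.stats[self._key(name)]
        if s["pending"] >= self.max_pending:
            return False                    # prefix already has its share in flight
        outcomes = s["satisfied"] + s["timeout"]
        if outcomes >= self.min_sample and s["timeout"] / outcomes > self.max_unsat:
            return False                    # Interests under this prefix mostly retrieve nothing
        s["pending"] += 1
        return True

    def satisfied(self, name):
        s = self.stats[self._key(name)]
        s["pending"] -= 1
        s["satisfied"] += 1

    def timed_out(self, name):
        s = self.stats[self._key(name)]
        s["pending"] -= 1
        s["timeout"] += 1


def simulate(rounds=5, attack_per_round=20, legit_per_round=3):
    """Constructed scenario: an attacker floods /victim.com/<junk> names that no
    producer answers while a legitimate consumer fetches /parc.com content."""
    t = PrefixThrottle()
    attacker_fwd = legit_fwd = 0
    for r in range(rounds):
        pending = []
        for i in range(attack_per_round):
            name = ("victim.com", f"junk-{r}-{i}")
            if t.allow(name):
                attacker_fwd += 1
                pending.append(name)
        for i in range(legit_per_round):
            name = ("parc.com", "videos", f"seg{r}-{i}")
            if t.allow(name):
                legit_fwd += 1
                t.satisfied(name)           # real content comes back
        for name in pending:                # spurious Interests expire unanswered
            t.timed_out(name)
    return {"attacker_forwarded": attacker_fwd, "legit_forwarded": legit_fwd}
```

The pending cap bounds the damage before any statistics exist (at most 8 junk Interests in flight), and once 16 of them have timed out the prefix is shut off entirely, while /parc.com traffic is never touched because the counters are per prefix. A deployment would also decay the counters so a prefix that starts answering again is readmitted.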
Evaluation – Data Transfer Efficiency
• Transfer a 6 MB file as a function of the amount of pipelining
– TCP: window size
– CCN: number of outstanding Interests
• The CCN file is 6,278 individually named and signed content objects, each carrying one KB of data
Bulk data transfer performance (graph not reproduced in this transcript)
Bulk data transfer performance
• CCN needs about 5 times the pipelining of TCP (20 outstanding Interests vs. a 4‐packet window)
• CCN's throughput is lower than TCP's: run encapsulated in IP/UDP, it carries the same per‐packet overhead as the TCP test plus additional overhead for its own headers
Evaluation – Web Content Efficiency
• A web page (Google) vs. a secure web page (Wells Fargo)
– CCN over Ethernet: content packed directly into 1.5 KB Ethernet frames (payload 1,230 bytes)
– CCN over UDP: maximum payload 7,656 bytes
Web Content Efficiency (cont.) (graph not reproduced in this transcript)
Evaluation – Content Distribution Efficiency
• 2‐hop hub‐and‐spoke topology
• Sinks simultaneously pull a 6 MB data file
• Graph annotations: total transfer time "increases linearly" with the number of sinks for TCP (one flow per sink) but "stays constant" for CCN (one copy serves all sinks)
Evaluation – Voice over CCN
• Ran linphone‐based VoCCN clients
• No packets were lost
• A small number of VoCCN packets (< 0.1%) were dropped for arriving too late to be played
Voice over CCN – Automatic Failover (graph not reproduced in this transcript)
• 1st failover at 82 seconds, 2nd failover at 120 seconds
Conclusions
• Content‐Centric Networking
– uses "named content" as its central abstraction rather than host identifiers
– retains the simplicity and scalability of IP
– offers better security, delivery efficiency, and disruption tolerance
– is designed to replace IP, but can be incrementally deployed as an overlay