Towards a New Naming Architectures
Ion Stoica, Scott Shenker, and many others…
Page 2: Goals
• Support
  – Mobility: machine, data, session
  – Multi-homing, multiple interfaces
• Make middle-boxes part of architecture
• Security
  – Better support against DDoS
  – Anonymity
• …
Page 3: Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Page 4: Designs
• Host Identity Protocol (HIP) (this section)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Page 5: Host Identity Protocol (HIP)
• Provides:
  – Fast mobility
  – Multi-homing
  – Support for different addressing schemes
    • Transparent IPv4 to IPv6 migration
  – Security
    • Anonymity
    • Secure and authenticate datagrams
Page 6: HIP
• A public key is used to identify an end-host
• A 128-bit host identity tag (HIT) is used for system calls
  – HIT is a hash of the public key
  – Global scope
• A 32-bit local scope identifier (LSI) for IPv4 compatibility
HIT replaces the IP address as the name of a system
Page 7: Protocol Stack
[Figure: two protocol stacks side by side. Today's stack: Process, Transport, IP Layer; the process/transport interface names <IPaddr, port> and the IP layer names <IPaddr>. HIP stack: Process, Transport, HIP Layer, IP Layer; the process/transport interface names <HIT, port>, the HIP layer names <HIT>, and the IP layer names <IPaddr>.]
Page 8: How It Works?
[Figure: HIP resolution and connection setup. The client app issues a DNS request through the DNS library; the DNS reply carries the peer's public key P and its IPaddr, and the HIP daemon computes HIT = hash(P). Transport calls send(HIT); the HIP layer maps the HIT to (IPaddr, P), the two HIP daemons run a 4-way authentication, and the IP layer calls send(IPaddr) with the data carried over IPsec.]
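The HIT binding described on pages 6 and 8, as an added example that is not code from the deck or from any HIP implementation. It assumes a simplified HIT (first 128 bits of SHA-256 over the key bytes; the deck only says "a hash on public key"), a constructed LSI numbering, and toy `HipLayer`, `resolve`, `send` and `peer_moved` names; it shows why a DNS answer with the wrong key is rejected and why a peer's address can change without the name changing.

```python
import hashlib
from typing import Dict, Tuple

HIT_BYTES = 16   # deck: the HIT is a 128-bit hash of the host's public key

def hit_from_pubkey(pubkey: bytes) -> bytes:
    # Assumption / simplification: first 128 bits of SHA-256 over the key bytes.
    # The exact construction in the HIP specification is not reproduced here.
    return hashlib.sha256(pubkey).digest()[:HIT_BYTES]

class HipLayer:
    """Toy HIP layer between transport and IP: transport names the peer by
    HIT, this layer keeps the HIT -> (IPaddr, pubkey) binding."""

    def __init__(self) -> None:
        self.bindings: Dict[bytes, Tuple[str, bytes]] = {}
        self.lsi: Dict[bytes, int] = {}  # 32-bit local-scope ids for IPv4 apps

    def resolve(self, hit: bytes, dns_reply: Tuple[bytes, str]) -> bool:
        """Accept a DNS reply (pubkey P, IPaddr) only if hash(P) equals the
        HIT the application asked for: the name is self-certifying, so a
        resolver answer carrying some other key cannot install a binding.
        (The slide's 4-way authentication, which proves the peer holds the
        matching private key, is not modelled here.)"""
        pubkey, ipaddr = dns_reply
        if hit_from_pubkey(pubkey) != hit:
            return False
        self.bindings[hit] = (ipaddr, pubkey)
        # Constructed LSI numbering, not HIP's real allocation scheme.
        self.lsi.setdefault(hit, 0x01000000 + len(self.lsi))
        return True

    def send(self, hit: bytes, data: bytes) -> Tuple[str, bytes]:
        """Transport calls send(HIT); the IP layer below gets send(IPaddr)."""
        ipaddr, _pubkey = self.bindings[hit]
        return ipaddr, data

    def peer_moved(self, hit: bytes, new_ipaddr: str) -> None:
        """Mobility: only the locator changes; HIT, LSI and sockets do not."""
        _old, pubkey = self.bindings[hit]
        self.bindings[hit] = (new_ipaddr, pubkey)
```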
Page 9: Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3) (this section)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA)
Page 10: Internet Indirection Infrastructure (i3)
• Supports:
  – Mobility
  – Multi-homing
  – Anycast
  – Multicast
• Accommodate middle-boxes
• Security
  – Anonymity
  – DoS
Page 11: Internet Indirection Infrastructure (i3)
• Each packet is associated with an identifier id
• To receive a packet with identifier id, receiver R maintains a trigger (id, R) in the overlay network
[Figure: the sender sends (id | data) into the overlay; the overlay node holding trigger (id, R) replaces id with R and forwards (R | data) to receiver R.]
Page 12: Integrate Middle-Boxes
• Use a stack of IDs to encode the sequence of operations to be performed on the data path
[Figure: the sender sends (idT, id | data); trigger (idT, T) delivers (T, id | data) to transcoder T, which processes the data and sends (id | data) back into the overlay; trigger (id, R) then delivers (R | data) to receiver R.]
Page 13: i3 Identifiers
• 256-bit IDs
• ID ultimately mapped to an (IPaddr:port)
  – Mapping under application control
• ID can represent
  – A host, flow, service, etc.
ID can identify any entity that can receive packets
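The trigger and ID-stack mechanics of pages 11 to 13, as an added toy simulation that is not the deck's or the i3 project's code. It assumes an in-memory `I3Overlay` class whose "addresses" are Python callables standing in for (IPaddr:port), constructed ids, and a `demo()` driver; it exercises the plain trigger, the stacked (idT, id) path through a middle-box, a packet with no matching trigger, and a receiver that moves without the sender noticing.

```python
from typing import Callable, Dict, List, Tuple

Packet = Tuple[List[int], bytes]          # (stack of ids, data)
Address = Callable[[Packet], None]         # stands in for (IPaddr:port)

class I3Overlay:
    """Toy i3 overlay: triggers map a 256-bit id to the address of whoever
    wants packets sent to that id. Senders only ever name ids, never the
    receiver's address, which is where i3's anonymity comes from."""
    ID_BITS = 256

    def __init__(self) -> None:
        self.triggers: Dict[int, Address] = {}

    def insert_trigger(self, ident: int, addr: Address) -> None:
        if not 0 <= ident < (1 << self.ID_BITS):
            raise ValueError("id must fit in 256 bits")
        self.triggers[ident] = addr        # re-inserting updates a moved host

    def send(self, packet: Packet) -> bool:
        """Pop the top id, look up its trigger and hand (rest-of-stack, data)
        to that address. Returns False when no trigger matches (dropped)."""
        ids, data = packet
        if not ids:
            return False
        addr = self.triggers.get(ids[0])
        if addr is None:
            return False
        addr((ids[1:], data))
        return True

def demo() -> Tuple[List[bytes], List[bytes], bool]:
    overlay = I3Overlay()
    id_r, id_t = 0x1234, 0x5678                     # constructed ids
    at_r: List[bytes] = []
    overlay.insert_trigger(id_r, lambda p: at_r.append(p[1]))  # trigger (id, R)

    def transcoder(p: Packet) -> None:               # middle-box T
        rest, data = p
        overlay.send((rest, data.upper()))           # process, then continue down the stack

    overlay.insert_trigger(id_t, transcoder)         # trigger (idT, T)
    overlay.send(([id_r], b"hello"))                 # plain: id -> R
    overlay.send(([id_t, id_r], b"hello"))           # stacked: idT, id -> T -> R
    dropped = overlay.send(([0x9999], b"x"))         # no trigger: dropped
    moved: List[bytes] = []                          # R changes address
    overlay.insert_trigger(id_r, lambda p: moved.append(p[1]))
    overlay.send(([id_r], b"after move"))            # sender unchanged
    return at_r, moved, dropped
```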
Page 14: Protocol Stack
[Figure: today's stack (Process, Transport, IP Layer, with <IPaddr, port> and <IPaddr>) beside the i3 stack (Process, Transport, i3 layer, IP Layer). Above the i3 layer the process names ID/<IPlocal, port>, where IPlocal is a sender-specific, local-scope address that the i3 layer maps to an ID (IPlocal -> ID); the i3 layer names <ID> and the IP layer names <IPi3>, the address in the i3 infrastructure.]
Page 15: How It Works? (Native i3 Applications)
[Figure: the client app's DNS request returns an id; transport calls send(id), the i3 layer calls send(IPi3), and the packet reaches the i3 node at IPi3 holding trigger (id, R). That node forwards the packet to receiver R, whose i3 daemon inserted the trigger and whose i3 layer delivers it up through transport.]
Page 16: How It Works? (Legacy Applications)
[Figure: the DNS library intercepts the legacy app's DNS request; the DNS reply carries an id, and the i3 daemon allocates a local address IPlocal and records id ↔ IPlocal. The app calls send(IPlocal, port); the i3 layer rewrites this to send(id) and the IP layer to send(IPi3), reaching trigger (id, (r:p)) at IPi3. On the receiver, with IP address r, the i3 daemon delivers the packet with send(r, p).]
Page 17: Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR) (this section)
• Layered Naming Architecture (LNA)
Page 18: Goal: Address DNS Limitations
• DNS names identify machines and organizations, not data
  – Data cannot be easily moved
  – Data cannot be easily replicated
• DNS names are brand names
  – Political fighting
Page 19: SFR Solution
• Use IDs instead of DNS names
• ID space is flat and IDs have no semantics
• A generalization of DNS
  – Returns metadata instead of an IP address
• How to implement it?
  – Use distributed hash tables (DHTs)!
Page 20: DHT Primer
• Interface
  – put(id, data)
  – data = get(id)
• Highly scalable
  – O(log N) hops to execute an operation
• Highly robust
  – Can tolerate ~50% of nodes going down
• Highly dynamic
  – Entries can be changed very fast
Page 21: Designs
• Host Identity Protocol (HIP)
• Internet Indirection Infrastructure (i3)
• Semantic-Free Referencing (SFR)
• Layered Naming Architecture (LNA) (this section)
Page 22: Layered Naming Architecture (LNA)
• Supports:
  – Mobility
  – Multi-homing
• Integrate middle-boxes
• Security (through middle-boxes)
  – Anonymity
  – DoS
  – …
Page 23: An Old Naming Taxonomy
• Four kinds of network entities (Saltzer):
  – Services (and data)
  – Hosts (endpoints)
  – Network attachment points
  – Paths
• Should name each individually:
  – Ignore paths (router involvement)
  – IP addresses name attachment points
  – Endpoint identifiers (EIDs) name hosts
  – Service identifiers (SIDs) name services/data
Page 24: Protocol Stack
[Figure: today's stack (Process, Transport, IP Layer, with <IPaddr, port> and <IPaddr>) beside the LNA stack (Process, Transport, EID↔IP layer, IP Layer). The process names a service with <SID>, resolved SID↔EID above transport; transport uses <EID, port>; the EID↔IP layer names <EID> and the IP layer names <IPaddr>.]
Page 25: How It Works?
[Figure: LNA resolution with delegation. The receiver registers put(sid, eid) in the SID↔EID DHT and put(eid, IP) in the EID↔IP DHT. The client app's "DNS" request returns sid; transport calls send(sid), the LNA daemon does eid = get(sid) and then send(eid), the EID↔IP layer does IP = get(eid), and the IP layer calls send(IPi), where IPi is the address of an intermediary that handles packets on behalf of the receiver.]
Page 26: Principles
• Don't bind to lower-level IDs prematurely
  – Host mobility and renumbering (HIP)
  – Service and data migration
• Resolution of a name need not point to the object itself, but can point to its delegate
  – Resolution can point to intermediaries that process packets on behalf of the named target
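The two-level SID -> EID -> IP resolution of pages 25 and 26, built on the put/get interface of the DHT primer (page 20) and SFR's flat, semantic-free ids (page 19), as an added example that is not the deck's or the LNA project's code. It assumes an in-memory `Dht` stand-in, constructed ids and addresses, and toy `register`, `lna_send` and `demo` names; it walks through host mobility (only EID->IP changes), service migration (only SID->EID changes) and delegation to an intermediary, all invisible to the sender.

```python
from typing import Dict, Optional, Tuple

class Dht:
    """Stand-in for the primer's DHT: put(id, data), data = get(id).
    A dict here; a real DHT reaches the responsible node in O(log N) hops."""
    def __init__(self) -> None:
        self.store: Dict[str, str] = {}
    def put(self, ident: str, data: str) -> None:
        self.store[ident] = data
    def get(self, ident: str) -> Optional[str]:
        return self.store.get(ident)

SID_TO_EID = Dht()   # SID<->EID resolution, done above transport
EID_TO_IP = Dht()    # EID<->IP resolution, done below transport

def register(sid: str, eid: str, ip: str) -> None:
    """Receiver side of the slide: put(sid, eid) and put(eid, IP)."""
    SID_TO_EID.put(sid, eid)
    EID_TO_IP.put(eid, ip)

def lna_send(sid: str) -> Optional[Tuple[str, str]]:
    """Sender side: transport send(sid) -> eid = get(sid) -> send(eid)
    -> IP = get(eid) -> IP-layer send(IP). Returns (eid, ip), or None
    when either level fails to resolve (the packet is not sent)."""
    eid = SID_TO_EID.get(sid)
    if eid is None:
        return None
    ip = EID_TO_IP.get(eid)
    return None if ip is None else (eid, ip)

def demo() -> tuple:
    # Constructed, semantic-free ids: nothing in them names an organisation
    # or a host, which is the SFR point about flat id spaces.
    sid = "sid-a3f1c0de"
    eid, eid2 = "eid-77b2e9aa", "eid-c41d5a07"
    register(sid, eid, "198.51.100.7")
    step1 = lna_send(sid)                 # (eid, "198.51.100.7")
    EID_TO_IP.put(eid, "203.0.113.9")     # host moved: only EID->IP changes
    step2 = lna_send(sid)                 # (eid, "203.0.113.9")
    SID_TO_EID.put(sid, eid2)             # service migrated to another host
    EID_TO_IP.put(eid2, "192.0.2.44")
    step3 = lna_send(sid)                 # (eid2, "192.0.2.44")
    EID_TO_IP.put(eid2, "192.0.2.1")      # delegate: resolution now points to
    step4 = lna_send(sid)                 # an intermediary IPi, sender unchanged
    return step1, step2, step3, step4, lna_send("sid-unknown")
```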
Page 27: Naming Architecture Requirements
1) There should be a layer in the protocol stack that uses IDs, not IP addresses
   • Mobility, multi-homing, replication, …
2) IDs should be able to name arbitrary objects
3) IDs should encode as little semantics as possible
4) End-points should be able to use indirection at the ID level
   • Integrate middle-boxes
Page 28: How Many ID Layers?
• HIP: one layer; IDs identify machines
• SFR: one layer; IDs identify data
• i3: one layer; IDs identify arbitrary objects
• LNA: two layers
  – EIDs identify machines
  – SIDs identify everything else
Page 29: When is the Resolution ID→IP Done?
• SFR: above transport
• HIP: below transport, at the HIP layer
• i3: in the infrastructure
• LNA: below transport
  – But the IP address can be an intermediate point
Page 30: Security Support?
• HIP:
  – Authentication, data integrity
  – Anonymity at transport layer
  – Transport layer resistance to DoS attacks
• i3
  – Anonymity at IP layer
  – Some DoS defense at IP layer
  – Everything else can be done through middle-boxes
• LNA
  – Everything can be done through middle-boxes
Page 31: Resources
• HIP: http://homebase.htt-consult.com/~hip/
• SFR: http://nms.lcs.mit.edu/projects/sfr/
• i3: http://i3.cs.berkeley.edu