end middle end architecture for the internet
play

End-Middle-End Architecture for the Internet Olli-Pekka Lamminen - PowerPoint PPT Presentation

Aug 28, 2022 •306 likes •449 views

End-Middle-End Architecture for the Internet Olli-Pekka Lamminen TKK Networking Laboratory Outline End-Middle-End Architecture IRTF EME Research Group Requirements NUTSS Architecture Feasibility Considerations for

  1. End-Middle-End Architecture for the Internet Olli-Pekka Lamminen TKK Networking Laboratory

  2. Outline ● End-Middle-End Architecture ● IRTF EME Research Group – Requirements ● NUTSS – Architecture – Feasibility ● Considerations for EME Architectures ● Future Work ● References

  3. End-Middle-End Architecture ● Middleboxes have changed Internet – End-to-end traffic model has been broken – Firewalls, NATs, etc. ● Middleboxes need to be included in connection establishment – Endpoints should be aware of middle – Endpoints need means to request services

  4. IRTF EME Research Group ● IRTF Established EME RG in 2006 – Set of requirements for EME architectures ● Common naming ● Flow redirection – globally-unique – endpoint > endpoint – long-term stable – middlebox > endpoint – user-friendly – mobile rerouting ● Access control policies ● Protocol negotiation ● 2-way authentication ● Multi-homing ● Multicast – endpoint <> middlebox ● Information protection ● Fast flow initiation – anonymity – optimally 1 st packet – encryption contains data ● Middlebox discovery ● Incremental – when allowed deployment

  5. NUTSS Architecture ● EME compatible architecture – Created by people behind IRTF EME RG ● Policy-aware edge networks connected to policy-free core ● Edge nets have P-Boxes and M-Boxes – P-Box: controls network policies ● form a tree-like hierarchy ● used during name-routed signalling – M-Box: ' regular' middlebox ● just like middleboxes today (NAT, firewall, ...) ● handles data flows ● Endpoints register to P-Boxes

  6. NUTSS Architecture [naming] ● Stable, user-friendly naming – location-independent – 3-tuple (user, domain, service) ● user: not globally-unique, identifies user ● domain: globally-unique, hierarchical DNS name ● service: globally-unique service identifier – Mapped to 5-tuple address during connection establishment ● Assumes the presence of DNS

  7. NUTSS Architecture [name-routed signalling] ● Used to create path for data flow ● Signalling traverses through P-Box tree – Up until core – Down to endpoint ● P-Boxes add next- hop tokens – Tokens used for address routing

  8. NUTSS Architecture [address-routed messages] ● Data flows through M-Boxes ● Routing by next- hop tokens ● Endpoint addresses given during name- routing

  9. NUTSS Feasibility ● Fulfills many IRTF EME requirements – Mobility by short-lived addresses and rapid renegotiation – Multi-homing from location independence – Multicast with extended naming ● 3-tuples changed 4-tuples ● Performance may be an issue – Lots of signalling overhead – Payload in 1 st packet not possible ● Deployment strategy at draft-stage – Which is OK

  10. Considerations [naming] ● Users want user-friendly names ● Names should be if not globally-unique at least scope-unique – Uniqueness requires coordination – Coordination requires authority (NS) ● Mobile endpoints will be commonplace – Changing location requires updating NS – Network registration helps mobility – Registration and updates require authentication

  11. Considerations [middleboxes] ● Middleboxes are already commonplace – Home routers, web proxies, ... ● Endpoints should be aware of them – Awareness enables flexibility – NAT traversal, firewall control, ... ● Middleboxes need means to advertise ● Endpoints need means to request ● Endpoints should be able to trust middleboxes and vice versa – Service authentication is required

  12. Considerations [trust] ● Trust needs to be provided – Joining network – Name and location updates – Middlebox services ● Who trusts whom? – Endpoints vs. Endpoints – Endpoints vs. Networks, Middleboxes – Between the networks – Inside a network ● Who provides the trust? – Trust relationships between operators – 3 rd party trust authorities

  13. References ● IRTF EME Research Group – [http://www3.tools.ietf.org/group/irtf/trac/wiki/EME] ● NUTSS – [http://www3.tools.ietf.org/group/irtf/trac/wiki/EME_NUTSS] – An End-Middle-End Approach to Connection Establishment Guha & Francis: In Proceedings of SIGCOMM'07 ● Middleboxes – Rethinking the Design of the Internet: The End-to-End Arguments vs. the Brave New World Blumenthal & Clark: ACM TOIT, vol.1, no. 1, Aug. 2001 – Middleboxes No Longer Considered Harmful Walafish et al.: In Proceedings of OSDI'04

  14. End-Middle-End Architecture for the Internet Questions?

Recommend

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

5/15/2012 How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been tremendously successful From Architecture to Network Has sustained tremendous growth g Supports very diverse set of applications

484 views • 10 slides
INTERNET HUB FOR THE MIDDLE EAST AND THE BRIDGE BETWEEN EUROPE, AFRICA, AND ASIA UAE- IX is

INTERNET HUB FOR THE MIDDLE EAST AND THE BRIDGE BETWEEN EUROPE, AFRICA, AND ASIA UAE- IX is

UAE-IX INTERNET HUB FOR THE MIDDLE EAST AND THE BRIDGE BETWEEN EUROPE, AFRICA, AND ASIA UAE- IX is the only neutral Internet exchange platform for the Middle East that interconnects global networks, network operators, and content

293 views • 15 slides
End-to-end principle All control in end stations by Dave Clark e.g. error and flow

End-to-end principle All control in end stations by Dave Clark e.g. error and flow

Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 23 in Huitema) Internet-1 S-38.121 / Fall-04 / RKa, NB Internet Architecture Principles End-to-end principle All

893 views • 21 slides
Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

An Architecture for An Architecture for Supporting Future Internet Supporting Future Internet Applications Applications Sebastian Mies Institute of Telematics, University of Karlsruhe (TH), Germany The SpoVNet Consortium: University of

268 views • 11 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture

Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture

Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture Addressing, routing principles Protocols: IPv4, ICMP, ARP (Chapters 23 in Huitema) Internet-1 S-38.2121 / Fall-07 / RKa, NB Ethernet Most

635 views • 26 slides
End-to-end principle by Dave Clark Hop-by-hop control vs. End-to-end control In X.25

End-to-end principle by Dave Clark Hop-by-hop control vs. End-to-end control In X.25

Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 23 in Huitema) Internet-1 S-38.2121 / Fall-06 / RKa, NB Internet Architecture Principles End-to-end principle by Dave

669 views • 23 slides
HAIR: Hierarchical Architecture for Internet Routing Re-Architecting the Internet ReArch 09

HAIR: Hierarchical Architecture for Internet Routing Re-Architecting the Internet ReArch 09

HAIR: Hierarchical Architecture for Internet Routing Re-Architecting the Internet ReArch 09 Wolfgang Mhlbauer ETH Zrich / TU Berlin wolfgang.muehlbauer@tik.ee.ethz.ch Anja Feldmann Luca Cittadini Randy Bush Olaf Maennel Deutsche

403 views • 21 slides
A Fully-Flexible Internet Architecture for the Next-Generation Tactile Internet Mohamed Faten

A Fully-Flexible Internet Architecture for the Next-Generation Tactile Internet Mohamed Faten

2 nd Visions for Future Communications Summit Technologies and Services Towards 6G Introducing FlexNGIA: A Fully-Flexible Internet Architecture for the Next-Generation Tactile Internet Mohamed Faten Zhani cole de technologie suprieure

827 views • 57 slides
An Radical but Incrementally Deployable Vision for Future Internet Architecture James McCauley,

An Radical but Incrementally Deployable Vision for Future Internet Architecture James McCauley,

An Radical but Incrementally Deployable Vision for Future Internet Architecture James McCauley, Yotam Harchol, Aurojit Panda, Barath Raghavan, Scott Shenker (UC Berkeley, NYU, USC, ICSI) The Internet architecture of today Based on IP

477 views • 44 slides
Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun

Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun

Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun Li, Y. Shvartzshnaider, J. Francisco, R. Martin, K. Nagaraja and D. Raychaudhuri WINLAB, Rutgers University October 24-26 th , 2012 October 24-26,

451 views • 21 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on Fire! Lack of sovereignty Frequent outages https://downdetector.com Constant DDoS attacks https://www.digitalattackmap.com

730 views • 48 slides
The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet access QoS Simone Basso Antonio Servetti Juan Carlos De Martin NEXA Center for Internet &amp; Society Politecnico di Torino, Italy

522 views • 14 slides
SEDA: An Architecture for Well-Conditioned Scalable Internet Services Matt Welsh, David Culler,

SEDA: An Architecture for Well-Conditioned Scalable Internet Services Matt Welsh, David Culler,

SEDA: An Architecture for Well-Conditioned Scalable Internet Services Matt Welsh, David Culler, and Eric Brewer presented by Ahn, Ki Yung Staged Event-Driven Architecture Designed for highly concurrent Internet services Applications are

493 views • 13 slides
Internet architecture Ov Over ervie iew Packet switching over circuit switching

Internet architecture Ov Over ervie iew Packet switching over circuit switching

Internet architecture Ov Over ervie iew Packet switching over circuit switching End-to-end principle and Hourglass design Layering of functionality Portland State University CS 430P/530 Internet, Web &amp; Cloud Systems Pac

396 views • 22 slides
FUTURE INTERNET ARCHITECTURE Marc Mosko Palo Alto Research Center ACM ICN Panel 2016, Kyoto

FUTURE INTERNET ARCHITECTURE Marc Mosko Palo Alto Research Center ACM ICN Panel 2016, Kyoto

FUTURE INTERNET ARCHITECTURE Marc Mosko Palo Alto Research Center ACM ICN Panel 2016, Kyoto Japan 1 FUTURE INTERNET ARCHITECTURE Protocol Feature 2 FUTURE INTERNET ARCHITECTURE* Protocol Feature IPv6 Large address space,

76 views • 4 slides
Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

569 views • 27 slides
Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University

Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University

Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University College London DoS-Resistant Internet Working Group Initial meeting held January 27th in London: The objective of the initial meeting is to share

316 views • 27 slides
Internet Governance Session 27 INST 346 Technologies, Infrastructure and Architecture

Internet Governance Session 27 INST 346 Technologies, Infrastructure and Architecture

Internet Governance Session 27 INST 346 Technologies, Infrastructure and Architecture Layers of Internet Governance Physical Infrastructure Logical Layer Content Layer Agenda Jurisdiction Internet Engineering Task

560 views • 9 slides
Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture

Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture

Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture Yang-hua Chu, Sanjay Rao, Srini Seshan and Hui Zhang Carnegie Mellon University Supporting Multicast on the Internet Application ? At which layer

666 views • 32 slides
Modern Internet architecture, technology &amp; philosophy Advanced Internet Services Dept. of

Modern Internet architecture, technology &amp; philosophy Advanced Internet Services Dept. of

1 2/23/15 AIS 2015 Modern Internet architecture, technology &amp; philosophy Advanced Internet Services Dept. of Computer Science Columbia University Henning Schulzrinne Spring 2015 02/23/2015 2/23/15 AIS 2015 NETWORK EVOLUTION &amp;

684 views • 56 slides
Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R.

Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R.

An IPSec-based Host Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R. Rao, P. Rohatgi, IBM Research D. Saha Lucent Technologies Motivation In todays Internet the need for efficient and

337 views • 22 slides
Modern Internet architecture, technology &amp; philosophy Advanced Internet Services Dept. of

Modern Internet architecture, technology &amp; philosophy Advanced Internet Services Dept. of

1 3/2/15 AIS 2015 Modern Internet architecture, technology &amp; philosophy Advanced Internet Services Dept. of Computer Science Columbia University Henning Schulzrinne Spring 2015 03/02/2015 2 3/2/15 AIS 2015 Objectives Why do

459 views • 41 slides

More recommend