5/15/2012

Slide 1: The eXpressive Internet Architecture: From Architecture to Network

Peter Steenkiste
Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang
Carnegie Mellon University
Aditya Akella, University of Wisconsin
John Byers, Boston University

Winlab FIA, May 14, 2012

Slide 2: How do you Improve on the Internet?

• The Internet has been tremendously successful
  – Has sustained tremendous growth
  – Supports a very diverse set of applications and services
  – Integral part of our society and economy
• Lots of exciting research on how to improve the Internet
  – Security, routing, wireless/mobile, management, …
  – But the Internet architecture constrains what can be modified
• Future Internet Architecture frees researchers to go beyond today's IP architecture and infrastructure
  – Multi-phase, NSF-funded research program
  – Five teams building full-scale networks

Slide 3: Predicting the Future is Hard!

• A lot of really smart people don't agree:
  – Named Data Networking: content-centric networking; data is a first-class entity
  – MobilityFirst: mobility as the norm rather than the exception; generalizes delay-tolerant networking
  – Nebula: Internet centered around cloud-computing data centers that are well connected
• We love all of them!

Slide 4: Outline

• Background
• XIA principles
• XIA architecture
• Building XIA
• Conclusion
Slide 5: XIA Vision

We envision a future Internet that:
• Is trustworthy
  – Security, broadly defined, is the biggest challenge
• Supports long-term evolution of usage models
  – Including host-host, content retrieval, services, …
• Supports long-term technology evolution
  – Not just for link technologies, but also for storage and computing capabilities in the network and end-points
• Allows all actors to operate effectively
  – Despite differences in roles, goals and incentives

Slide 6: Today's Internet

[Figure: a packet with Src: Client IP, Dest: Server IP, carried over TCP between Client IP and Server IP]

• Client retrieves a document from a specific web server
  – But the client mostly cares about correctness of content and timeliness
  – Specific server, file name, etc. are not of interest
• Transfer is between the wrong principals
  – What if the server fails?
  – Optimizing the transfer using local caches is hard
    • Need to use an application-specific overlay or transparent proxy – bad!

Slide 7: eXpressive Internet Architecture

[Figure: four pillars – Flexible Trust Management, Diverse Communicating Entities, Content Anywhere, Intrinsic Security – around packets addressed with Dest: Service ID, Src: Client ID, Dest: Content ID, Dest: Client ID, and a PDA asking "Content Name?"]

Slide 8: A Bit More Detail …

• Client expresses communication intent for content explicitly
  – Network uses the content identifier to retrieve content from the appropriate location
• How does the client know the content is correct?
  – Intrinsic security! Verify content using a self-certifying id: hash(content) = content id
• How does the source know it is talking to the right client?
  – Intrinsic security! Self-certifying host identifiers

[Figure: Hash( ) = CID?]
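The self-certifying identifiers on slide 8 (hash(content) = content id, and a host identifier bound to the host's key) can be exercised with a few lines of Python. The block below is an added illustration, not code from the slides or from the XIA project: it assumes SHA-256 as the hash (the slides do not name one), derives the host identifier from a constructed "public key" byte string, and models caches as plain dictionaries. The point it shows is the one the slide makes: a client that asks for a CID can accept a copy from any source, including an untrusted cache, because correctness is checked against the identifier rather than against where the bytes came from.

```python
import hashlib

HASH = hashlib.sha256  # assumption: the slides only say hash(content) = content id


def content_id(content: bytes) -> str:
    """Self-certifying content identifier: CID = hash(content)."""
    return HASH(content).hexdigest()


def host_id(public_key: bytes) -> str:
    """Self-certifying host identifier: HID = hash(public key).
    Proving possession of the matching private key (a signature exchange)
    is outside this example; here we only show the binding."""
    return HASH(public_key).hexdigest()


def verify_content(cid: str, content: bytes) -> bool:
    """Accept bytes only if they hash to the CID the client asked for."""
    return content_id(content) == cid


def fetch_verified(cid: str, sources):
    """Try sources in order and return (content, source_name) for the first
    copy that verifies; return None if no source delivers a valid copy.
    A wrong copy from one source is simply skipped, so a cache cannot
    substitute content without the client noticing."""
    for name, store in sources:
        blob = store.get(cid)
        if blob is None:
            continue                      # this source has no copy at all
        if verify_content(cid, blob):
            return blob, name
        # hash mismatch: corrupted or substituted copy, move on
    return None


# Constructed sample data (not from the slides).
ORIGINAL = b"XIA demo document: intent plus fallback addressing"
CID = content_id(ORIGINAL)

SOURCES = [
    ("rogue-cache", {CID: b"XIA demo document: something else entirely"}),
    ("good-cache", {CID: ORIGINAL}),
    ("origin-server", {CID: ORIGINAL}),
]

CLIENT_KEY = b"constructed-client-public-key-bytes"
CLIENT_HID = host_id(CLIENT_KEY)


def client_key_matches(hid: str, presented_key: bytes) -> bool:
    """Server-side check from slide 8: the key a client presents must hash
    to the HID the packet claims to come from."""
    return host_id(presented_key) == hid


if __name__ == "__main__":
    print(fetch_verified(CID, SOURCES))                 # served by good-cache
    print(client_key_matches(CLIENT_HID, CLIENT_KEY))   # True
```

Note that the rogue cache in the sample answers the request but is never believed; the first source whose bytes match the CID wins, which is what lets the network retrieve content "from anywhere" without a trust relationship with every cache.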
Slide 9: Evolvable Set of Principals

• Identifying the intended communicating entities reduces complexity and overhead
  – No need to force all communication to a lower level (hosts), as in today's Internet
• Allows the network to evolve

[Figure: principal types with example identifiers – Content a581fe9…, Services d9389fa…, Host 024e881…, Future Entities 39c0348…]

Slide 10: Security as Intrinsic as Possible

• Security properties are a direct result of the design of the system
  – Do not rely on correctness of external configurations, actions, databases
  – Malicious actions can be easily identified

Slide 11: Other XIA Principles

• Narrow waist for all principals
  – Defines the API between the principals and the network protocol mechanisms
  – Also: explicit trust management, APIs among actors
• Narrow waist for trust management
  – Ensure that the inputs to the intrinsically secure system match the trust assumptions and intentions of the user
  – Narrow waist allows leveraging diverse mechanisms for trust management: CAs, reputation, personal, …
• All other network functions are explicit services
  – Keeps the architecture simple and easy to reason about
  – XIA provides a principal type for services (visible)

Look familiar?

Slide 12: XIA: eXpressive Internet Architecture

• Each communication operation expresses the intent of the operation
• XIA is a single inter-network in which all principals are connected
  – Not a collection of architectures implemented through, e.g., virtualization or overlays
  – Not based on a "preferred" principal (host or content) that has to support all communication
Slide 13: What Applications Does XIA Support?

• Since XIA supports host-based communication, today's applications continue to work
  – Will benefit from the intrinsic security properties
• New applications can express the right principal
  – Can also specify other principals (host based) as fallbacks
  – Content-centric applications
  – Explicit reliance on network services
  – Mobile users
  – As yet unknown usage models

Slide 14: Outline

• Background
• XIA principles
• XIA architecture
  – Multiple principals
  – DAG-based addressing
  – Intrinsic security
• Building XIA
• Conclusion

Slide 15: Multiple Principal Types

• Host XIDs support host-based communication similar to IP – who?
• Service XIDs allow the network to route to possibly replicated services – what does it do?
  – LAN service access, WAN replication, …
• Content XIDs allow the network to retrieve content from "anywhere" – what is it?
  – Opportunistic caches, CDNs, …
• Autonomous domains allow scoping, hierarchy
• What are the conditions for adding principal types?

Slide 16: What Do We Mean by Evolvability?

• The narrow waist of the Internet has allowed the network to evolve significantly
• But need to evolve the waist as well!
  – Can make the waist smarter

[Figure: IP offers evolvability of applications and link technologies; XIA adds evolvability at the waist, with an evolving set of principals between applications and link technologies]
Slide 17: Multiple Principal Types

Choice involves tradeoffs:
• Control
• Trust
• Efficiency
• Privacy

[Figure: the same transfer expressed with different principals – Host (HID), Service (SID), Content (CID) – and a packet carrying Dest, Src (AD:HID) and Payload]

Slide 18: Supporting Evolvability

• Introduction of a new principal type will be incremental – no "flag day"!
  – Not all routers and ISPs will provide support from day one
• Creates a chicken-and-egg problem – what comes first: network support or use in applications?
• Solution is to provide an … intent and fallback address
  – Intent address allows in-network optimizations based on user intent
  – Fallback address is guaranteed to be reachable

Slide 19: Addressing Requirements

• Fallback: intent that may not be globally understood must include a backwards-compatible address
  – Incremental introduction of new XID types
• Scoping: support reachability for non-globally routable XID types or XIDs
  – Needed for scalability
  – Generalize scoping based on network identifiers
  – But we do not want to give up leveraging intent
• Iterative refinement: give each XID in the hierarchy the option of using intent

Slide 20: Our Solution: DAG-Based Addressing

• Uses a directed acyclic graph (DAG)
  – Nodes: typed IDs (XID; expressive identifier)
  – Outgoing edges: possible routing choices
• Simple example: sending a packet to HID_S

[Figure: dummy source → HID_S. Dummy source: special node indicating the packet sender, with no outgoing edges from the intent. Intent: final destination of the packet]
Slide 21: Support for Scoping with DAG

[Figure: server-side domain hierarchy AD0 → AD1 → HID_S, with AD0 and AD1 as intermediate nodes; client side on the left]

Supports scalable routing, binding, migration, mobility, …

Slide 22: Support for Fallbacks with DAG

• A node can have multiple outgoing edges
  – Primary edges
  – Fallback edge (low-priority edge)
• Outgoing edges have priority among them
  – Forwarding to HID_S is attempted if forwarding to CID_A is not possible
  – Realization of fallbacks

[Figure: source → CID_A (primary edge), source → HID_S (fallback edge), HID_S → CID_A]

Slide 23: Iterative Refinement: Scoping while Maintaining Intent

[Figure: server-side domain hierarchy AD0 → AD1 → HID_S → CID_S, with an additional edge from the source and from each intermediate node directly to CID_S; client side on the left]

Slide 24: DAG Addressing Research Questions

• DAG addressing is flexible …
  – Fallback, binding, source routing, mobility, …
• … but many questions remain:
  – Is it expensive to process?
  – How big will the addresses be?
  – How do ISPs verify policy compliance?
  – Can they be used to attack the network?
  – Can it be deployed incrementally?
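Slides 20 to 23 describe forwarding over a DAG address: nodes are typed XIDs, a node's outgoing edges are tried in priority order, a router that cannot route the high-priority (intent) XID falls back to the next edge, and once a node is reached the packet is refined from that node. The Python below is an added walk-through of that mechanism, not code from the slides or from the XIA project. It models each router as a table from XID to next hop ("LOCAL" meaning the router owns that XID, e.g. it is inside that AD or holds that content), builds the fallback address from slide 22 and the scoped address from slide 23, and traces which edge each router chooses; XID spellings such as "HID:S" are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class XidNode:
    xid: str                                   # typed expressive identifier
    edges: list = field(default_factory=list)  # successor node indices, highest priority first


@dataclass
class DagAddress:
    nodes: list                                # nodes[0] is the dummy source (sender)

    def intent(self) -> str:
        """The intent is the sink: the node with no outgoing edges."""
        return next(n.xid for n in self.nodes if not n.edges)


@dataclass
class Router:
    name: str
    table: dict                                # xid -> next-hop router name, or "LOCAL"


def forward(address, routers, first_router, max_hops=16):
    """Trace a packet through the network.
    'pos' is the last DAG node the packet has reached (starts at the dummy
    source). At each router, edges out of 'pos' are tried in priority
    order; the first XID the router can route decides the next hop.
    Returns (delivered, trace) where trace lists (router, chosen XID)."""
    pos, here, trace = 0, first_router, []
    for _ in range(max_hops):                  # bound in case tables loop
        node = address.nodes[pos]
        if not node.edges:                     # sink reached: intent satisfied
            return True, trace
        table = routers[here].table
        for nxt in node.edges:                 # priority order, intent first
            target = address.nodes[nxt].xid
            hop = table.get(target)
            if hop is None:
                continue                       # this router cannot route that XID
            trace.append((here, target))
            if hop == "LOCAL":
                pos = nxt                      # node reached; refine from it
            else:
                here = hop                     # hand the packet on
            break
        else:                                  # no edge routable: packet dropped
            trace.append((here, "DROP"))
            return False, trace
    return False, trace


def fallback_example():
    """Slide 22: source -> CID_A (primary), source -> HID_S (fallback),
    HID_S -> CID_A. The first-hop router is legacy and knows nothing about
    content XIDs, so it uses the fallback; the next router holds a cached
    copy of CID_A and serves the intent directly."""
    addr = DagAddress([XidNode("SRC", [1, 2]), XidNode("CID:A"), XidNode("HID:S", [1])])
    routers = {
        "legacy": Router("legacy", {"HID:S": "cache"}),
        "cache": Router("cache", {"CID:A": "LOCAL", "HID:S": "serverS"}),
        "serverS": Router("serverS", {"HID:S": "LOCAL", "CID:A": "LOCAL"}),
    }
    return forward(addr, routers, "legacy")


def scoping_example():
    """Slide 23: AD0 -> AD1 -> HID_S -> CID_S, with an intent edge to CID_S
    from the source and from every intermediate node. Routers outside the
    server's domains only know the AD XIDs, so scoping carries the packet
    inward; the first router that can route CID_S short-cuts to it."""
    addr = DagAddress([
        XidNode("SRC", [4, 1]), XidNode("AD:0", [4, 2]), XidNode("AD:1", [4, 3]),
        XidNode("HID:S", [4]), XidNode("CID:S"),
    ])
    routers = {
        "client-isp": Router("client-isp", {"AD:0": "ad0-border"}),
        "ad0-border": Router("ad0-border", {"AD:0": "LOCAL", "AD:1": "ad1-border"}),
        "ad1-border": Router("ad1-border", {"AD:1": "LOCAL", "HID:S": "hostS", "CID:S": "LOCAL"}),
        "hostS": Router("hostS", {"HID:S": "LOCAL", "CID:S": "LOCAL"}),
    }
    return forward(addr, routers, "client-isp")


def unreachable_example():
    """A fallback that no router can route is dropped at the first hop."""
    addr = DagAddress([XidNode("SRC", [1, 2]), XidNode("CID:A"), XidNode("HID:S", [1])])
    routers = {"legacy": Router("legacy", {"HID:OTHER": "elsewhere"})}
    return forward(addr, routers, "legacy")


if __name__ == "__main__":
    print(fallback_example())
    print(scoping_example())
    print(unreachable_example())
```

The trace of the fallback case shows the legacy router choosing "HID:S" while the cache chooses "CID:A": the same packet is handled by routers that do and do not understand the new XID type, which is the incremental deployment argument of slide 18. The drop in the last case is the reason slide 18 insists the fallback address must be one that is guaranteed reachable.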