an evaluation of ipfs as a distribution mechanism for
play

An Evaluation of IPFS As A distribution Mechanism for RPKI - PowerPoint PPT Presentation

Nov 17, 2022 •584 likes •853 views

An Evaluation of IPFS As A distribution Mechanism for RPKI Repository Dadepo Aderemi, Woudt van Steenbergen Supervisor: Luuk Hendriks | NLnet Labs July 2, 2020 Web DNS IPFS IPFS Primer What A peer-to-peer distributed file system that

  1. An Evaluation of IPFS As A distribution Mechanism for RPKI Repository Dadepo Aderemi, Woudt van Steenbergen Supervisor: Luuk Hendriks | NLnet Labs July 2, 2020

  2. Web DNS IPFS IPFS Primer What A peer-to-peer distributed file system that seeks to ● connect all computing devices with the same system of files. [7] Fig. 1 - Centralized, Decentralized and Distributed Networks [1] Why How ● Distributed over centralised systems Content Addressing ● Efficient Data Transfer ● ● InterPlanetary Linked Data (IPLD) formally ● Resiliency Merkle DAG Permanence ● ● Distributed Hash Table (Kademlia) PKI based Identity ● 2

  3. RPKI Primer Why What Mechanism to make Internet routing more ● Resource Public Key Infrastructure ● secure ● A PKI based approach to securing global internet routing Border Gateway Protocol (BGP) has no inbuilt ● Makes use of X509 certificates to prove ownership of ● security Internet Number Resources (INR) - ASN, IPv4 and IPv6 Security is based on trust, which does not scale ● Owners of Internet Number Resources can make verifiable ● ● Leads to prevalent prefix hijacks and statement on how their resources can be used Misconfiguration mishaps 3

  4. BGP without RPKI 194.148.0.0/16 ASN-6666 194.148.0.0/16 RIR or NIR INR holder BGP Speaker ASN-3334 Fig. 2 - Prefix Hijacking in BGP 4

  5. RPKI Primer How Ties into the hierarchical resource allocation driven by Regional Internet Registry ● (RIR) and National Internet Registry (NIR) Resource is allocated to user, together with a resource certificate ● ● User creates Resource Origin Authorization (ROA) ROAs are published to publicly available repositories ● ● Relying Party (RP) downloads and creates Validated ROA Payload (VRP) BGP speakers uses VRP to make routing decision ● 5

  6. BGP with RPKI 194.148.0.0/16 ASN-6666 RPKI Repository ROAs ROAs 194.148.0.0/16 194.148.0.0/16 ASN-3334 ASN-3334 VRPs 194.148.0.0/16 Relying Party BGP Speaker RIR or NIR INR holder ASN-3334 Fig. 3 - Preventing prefix hijacking with RPKI 6

  7. RPKI Repository RPKI Repository RPKI Repository ROAs ROAs - RSYNC INR holder Relying Party - RRDP (RPKI Repository Delta Protocol) Fig. 4 - Publication components of RPKI

  8. RSYNC Drawbacks Compute intensive. ● ● Lack of implementation library Atomic updates not guaranteed ● Diff needs to be calculated for each client Client-3 Client-n Client-1 Client-2 Fig. 5 -RSYNC server and clients

  9. RRDP Improvements ● Reduces computation resources by generating Delta files once and not at every request ● Guarantees atomic updates ● Takes advantage of CDN and Caching Infrastructure. Snapshot and Delta files ● Uses HTTPS which has both client and server library implementations Client-3 Client-n Client-1 Client-2 Fig.7 - HTTP server and clients using RRDP 9

  10. Further Improvements Possible? 10

  11. Research Question To what extent can IPFS be used as a distribution mechanism within RPKI? ● How is publishing and retrieving contents currently implemented with RRDP in RPKI? What are the features of IPFS that can replace or augment the current RRDP implementation of the ● RPKI repository? What are the network characteristics of IPFS and how would these characteristics influence the ● operations of an RPKI repository? 11

  12. Related Work ● No RRDP specific research to the best of our knowledge (Introduced in 2017). ● J. Shen et al. “ Understanding I/O Performance of IPFS Storage: A Client's Perspective ". In: 2019 IEEE/ACM 27th International Symposium on Quality of Service (IWQoS). 2019, pp. 1-10. ● Netflix: New improvements to IPFS Bitswap for faster container image distribution. ● V. Kotlyar et al. “ Torrent Base of Software Distribution by ALICE at RDIG ”. In: (2012), pp. 171-175. ● B. Confais, A. Lebre, and B. Parrein. An Object Store Service for a Fog/Edge Computing Infrastructure Based on IPFS and a Scale-Out NAS ". In: 2017 IEEE 1st International Conference on Fog and Edge Computing (ICFEC). 2017, pp. 41{50. ● IPFS for Off Chain Storage: ○ Sihua Wu and Jiang Du. Electronic medical record security sharing model based on blockchain ". ○ R. Norvill et al. IPFS for Reduction of Chain Size in Ethereum ". ○ Q. Zheng et al. An Innovative IPFS-Based Storage Model for Blockchain ". In: 2018 12

  13. Methodology - assessing network performance Qualitative Analysis - Literature study of RPKI, RRDP and IPFS 1,2 ● ● Quantitative Analysis - Direct HTTPs and IPFS comparison (exclude RSYNC to limit scope) ○ Compare data transfer ○ Test environment based on Containernet (Mininet) [2] ● Quantitative Analysis - HTTPs and IPFS comparison within RPKI (exclude RSYNC to limit scope) ○ Compare fetching of VRP ○ Modify Krill - RPKI Certificate Authority/Repository - to use IPFS] [3] ○ Modify Routinator - RPKI Relying Party software - to use IPFS [4] ○ Test environment based on Docker containers using Docker Compose [5] 1 References: RFC 8630, RFC 8182, RFC 6486, RFC 6482, RFC 6480, IPFS-Specification, IPFS Documentation , 2 More available in the report 13

  14. Results ● Qualitative Analysis ○ Removing the need for hashes in notification.xml ● Quantitative Analysis - Direct HTTPs and IPFS comparison (exclude RSYNC to limit scope) ○ Bandwidth test ● Quantitative Analysis - HTTPs and IPFS comparison within RPKI (exclude RSYNC to limit scope) ○ Number of nodes test 14

  15. Remove checksum in RRDP notification file IPFS uses content addressing, hence cryptographic hash of contents can be used for both retrieval and assurance of integrity Current notification.xml ● ● Possible modification using IPFS 15 Fig.8 - RRDP notification.xml file without and with IPFS based modification

  16. Methodology - Direct HTTPS and IPFS comparison Varying data size Varying bandwidth Varying number of nodes Varying link delay between node hosting Varying link delay between data and switch nodes hosting data and Containernet (Mininet) environment switch 16 Fig.9 - Network topology for direct HTTPs and IPFS comparison

  17. Results - IPFS latency test RTT=250ms RTT=10ms Fig.11 - IPFS w/ RTT of 10ms 17 Fig.10 - IPFS w/ RTT of 250ms

  18. Results - HTTPs latency test RTT=250ms RTT=10ms Fig.12 - HTTPS w/ RTT of 250ms Fig.13 - HTTPS w/ RTT of 10ms 18

  19. Methodology - RRDP and IPFS comparison within RPKI Varying size of RPKI Repository Varying number of nodes Docker environment 19 Fig.14 - Network topology for HTTPs and IPFS comparison within RPKI

  20. Results - RPKI IPFS nodes test Nodes=9 Nodes=3 20 Fig.16 - RPKI IPFS w/ 3 nodes Fig.15 - RPKI IPFS w/ 9 nodes

  21. RPKI RRDP nodes test Nodes=9 Nodes=3 Fig.18 - RPKI RRDP w/ 3 nodes Fig.17 - RPKI RRDP w/ 9 nodes 21

  22. Conclusion ● IPFS can currently be integrated to distribute RPKI material ○ Removing the need for manual data integrity checks in RRDP ● IPFS performed poorly in direct comparison with HTTPS: ○ Retrieval times were several factors higher than HTTPs under the same circumstances ○ In the low bandwidth, low latency environment it only performed 1.5x as poorly Low latency(RTT=10ms) High latency(RTT=250ms) Low bandwidth(100Mbit/s) HTTPs N/a High bandwidth(1000Mbit/s) HTTPs HTTPs 22

  23. Future Work ● Research variable delays between retrieving IPFS nodes, not only the server hosting the data ● Research effect of concurrent requests in IPFS (without RPKI) ● Research power consumption of IPFS in comparison to other transfer protocols ● Research integration of IPFS into Krill and Routinator using the IPFS Rust library[6] (once matured) 23

  24. Thank you for your attention In short: ● The network is often not the bottleneck in IPFS performance, it is more susceptible to I/O IPFS can be integrated into RPKI and replace redundant functionality ● 24

  25. References 1. Baran, P . (1962). On Distributed Communications Networks. RAND Corporation. Setembro de 2. sne-os3-rp2/ipfshttpbenchmark : Containernet script for performing data transfer benchmark of HTTPs and IPFS:. url: https : / / github . com / sne - os3 - rp2 / ipfs _ http _ benchmark (visited on 06/27/2020). 3. sne-os3-rp2/krill: RPKI Certicate Authority and Publication Server written in Rust. url: https://github.com/sne-os3-rp2/krill (visited on 06/28/2020). 4. sne-os3-rp2/routinator: An RPKI Validator written in Rust. url: https://github.com/sne-os3-rp2/routinator (visited on 06/28/2020). 5. sne-os3-rp2/lab: Scripts, and Docker build les for creating Docker compose le that is to be used to orchestrate Krill and routinator instances for experiments purposes. url: https://github.com/sne-os3-rp2/lab (visited on 06/28/2020). 6. rs-ipfs/rust-ipfs: The Interplanetary File System (IPFS), implemented in Rust.url:https://github.com/rs-ipfs/rust-ipfs(visited on 07/01/2020) 7. Benet, Juan. (2014). IPFS - Content Addressed, Versioned, P2P File System. 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Speeding up the Inter-Planetary File System (IPFS) Speeding up the Inter-Planetary File System

Speeding up the Inter-Planetary File System (IPFS) Speeding up the Inter-Planetary File System

1 Guillaume Michel Speeding up the Inter-Planetary File System (IPFS) Speeding up the Inter-Planetary File System (IPFS) Semester project presentation Project Advisor: Project Supervisor: Student: Laboratory: Prof. Bryan Ford Cristina

1.52k views • 29 slides
REFUGEES WELCOME? CONTESTATION OVER A EUROPEAN DISTRIBUTION MECHANISM Migration, Identity and

REFUGEES WELCOME? CONTESTATION OVER A EUROPEAN DISTRIBUTION MECHANISM Migration, Identity and

REFUGEES WELCOME? CONTESTATION OVER A EUROPEAN DISTRIBUTION MECHANISM Migration, Identity and Politics in Europe Carleton University, Ottawa, Ontario, 1 1 March 2019 2019 Johannes Mller Gmez Universit de Montral &

421 views • 12 slides
EVALUATION OF DAMAGE MECHANISM OF 45 O FLAT BRAIDED CFRP COMPOSITES CONTAINING CARBON

EVALUATION OF DAMAGE MECHANISM OF 45 O FLAT BRAIDED CFRP COMPOSITES CONTAINING CARBON

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS EVALUATION OF DAMAGE MECHANISM OF 45 O FLAT BRAIDED CFRP COMPOSITES CONTAINING CARBON NANOFIBERS UNDER TENSILE LOADING WITH ASSISTANCE OF SQUID TECHNIQUE M.S. Aly-Hassan 1* , Y. Takai 1 , A.

424 views • 6 slides
Open Peer-to-Peer Systems over Blockchain and IPFS: an Agent Oriented Framework. Cryblock2018

Open Peer-to-Peer Systems over Blockchain and IPFS: an Agent Oriented Framework. Cryblock2018

Open Peer-to-Peer Systems over Blockchain and IPFS: an Agent Oriented Framework. Cryblock2018 Antonio Tenorio-Forns, Samer Hassan and Juan Pavn 0 Table of Contents 1. Introduction 2. System Requirements 3. Decentralization Technology

526 views • 31 slides
Evaluation of admissible CAN bus load with weak synchronization mechanism Hugo Daigmorte, Marc

Evaluation of admissible CAN bus load with weak synchronization mechanism Hugo Daigmorte, Marc

Context and goal Experimental protocol Experimental results Conclusion Evaluation of admissible CAN bus load with weak synchronization mechanism Hugo Daigmorte, Marc Boyer ONERA The French aerospace lab International Conference on

809 views • 34 slides
An Evaluation of the Rotor-Router Mechanism Julian M. Rice | UCLA FrontierLab@OsakaU: Graduate

An Evaluation of the Rotor-Router Mechanism Julian M. Rice | UCLA FrontierLab@OsakaU: Graduate

An Evaluation of the Rotor-Router Mechanism Julian M. Rice | UCLA FrontierLab@OsakaU: Graduate School of Information Science & Technology Masuzawa Laboratory ( ) Total Slide Count: 14 | August 2018 Julian M. Rice [ Research

251 views • 21 slides
The EME Programme Efficacy and Mechanism Evaluation Programme EME webinar 2017 www.nihr.ac.uk

The EME Programme Efficacy and Mechanism Evaluation Programme EME webinar 2017 www.nihr.ac.uk

The EME Programme Efficacy and Mechanism Evaluation Programme EME webinar 2017 www.nihr.ac.uk The EME Programme Where EME fits into UK biomedical research funding What will EME fund? What wont EME fund? The EME Programme

676 views • 35 slides
Indonesia JCM Stakeholders Aryanie Amellina Technical Assessment & Evaluation Specialist

Indonesia JCM Stakeholders Aryanie Amellina Technical Assessment & Evaluation Specialist

Indonesia JCM Stakeholders Aryanie Amellina Technical Assessment & Evaluation Specialist Indonesia Joint Crediting Mechanism Secretariat 2 April 2015 Workshop on Joint Crediting Mechanism: Sharing Experiences in Indonesia Thailand

353 views • 10 slides
How IPFS Works A High-Level Overview of the InterPlanetary File System Yiannis Psaras

How IPFS Works A High-Level Overview of the InterPlanetary File System Yiannis Psaras

How IPFS Works A High-Level Overview of the InterPlanetary File System Yiannis Psaras (@yiannisbot) Protocol Labs - ResNetLab original deck by @stebalien Who am I: Yiannis Psaras I work at Protocol Labs... ... on just a few of the

940 views • 60 slides
Unit 2: Probability and distributions 3. Normal distribution Peer evaluation 1 by Saturday

Unit 2: Probability and distributions 3. Normal distribution Peer evaluation 1 by Saturday

Announcements Unit 2: Probability and distributions 3. Normal distribution Peer evaluation 1 by Saturday 11:59pm. Lab due Wednesday. Sta 101 - Spring 2015 PS due Thursday. PA due Friday. Duke University, Department of Statistical

268 views • 9 slides
Using Treebanks tgrep2 Lecture 2: 07/12/2011 Using Corpora For discovery For evaluation

Using Treebanks tgrep2 Lecture 2: 07/12/2011 Using Corpora For discovery For evaluation

Using Treebanks tgrep2 Lecture 2: 07/12/2011 Using Corpora For discovery For evaluation of theories For identifying tendencies distribution of a class of words distribution of structural configurations frequency of a

632 views • 38 slides
1. Normal distribution 2. Geometric distribution 3. Binomial distribution 4.

1. Normal distribution 2. Geometric distribution 3. Binomial distribution 4.

Chapter 3. Distribution of Random Variables Jan 26, 2016 by Huamei Dong 1. Normal distribution 2. Geometric distribution 3. Binomial distribution 4. Negative binomial distribution 5. Poisson distribution 1.Normal distribution

520 views • 11 slides
Small is beautiful or bigger is better? An assessment of French Experiment of a New Mechanism of

Small is beautiful or bigger is better? An assessment of French Experiment of a New Mechanism of

Small is beautiful or bigger is better? An assessment of French Experiment of a New Mechanism of Remuneration for Multidisciplinary Group Practices in Primary Care 2 nd IRDES Workshop on Applied Health Economics & Policy Evaluation Paris,

852 views • 19 slides
Policy vs. Mechanism Policy Decisions about what should be done. Mechanism

Policy vs. Mechanism Policy Decisions about what should be done. Mechanism

Processes and Threads Marie Roch Tanenbaum 2.1-2.2 Policy vs. Mechanism Policy Decisions about what should be done. Mechanism Algorithms and data structures that implement policy 2 1 Processes Process program in

264 views • 13 slides
Second Monitoring Committee The EEA FINANCIAL MECHANISM and The NORWEGIAN FINANCIAL MECHANISM

Second Monitoring Committee The EEA FINANCIAL MECHANISM and The NORWEGIAN FINANCIAL MECHANISM

Second Monitoring Committee The EEA FINANCIAL MECHANISM and The NORWEGIAN FINANCIAL MECHANISM 20092014 National Focal Point Malta Leonie Aquilina Xuereb, 29 January 2013 EEA and Norway Grants 2009-2014 Overall Objectives: To reduce

553 views • 18 slides
Distribution The definition of distribution Distribution of the subject-term Distribution of the

Distribution The definition of distribution Distribution of the subject-term Distribution of the

Three Acts of the Mind Verbal Expression: Mental Act: Simple Apprehension Term Judgment Proposition Deductive Inference Syllogism Slide 8-1 Distribution The definition of distribution Distribution of the subject-term

390 views • 12 slides
Deferred Peerings as Obstacles on the Internet Thomas Rieder HTTPS://PEERING.RIEDER.IO

Deferred Peerings as Obstacles on the Internet Thomas Rieder HTTPS://PEERING.RIEDER.IO

Deferred Peerings as Obstacles on the Internet Thomas Rieder HTTPS://PEERING.RIEDER.IO Discussion Motivation Fundamentals Design Methodology Conclusion Motivation Pe Peering : Direct connection between two networks on the Internet

419 views • 40 slides
Pass the Packet, Please? Explorations into Trust and the Social Organisation of Network

Pass the Packet, Please? Explorations into Trust and the Social Organisation of Network

Pass the Packet, Please? Explorations into Trust and the Social Organisation of Network Administration Ashwin J Mathew School of Information UC Berkeley The Internet The Internet The Internet The Internet AT&T UC Berkeley

632 views • 20 slides
NAPLS Technology Plan 2019-2022 Background Planning Process Behaviors Values Beliefs Our

NAPLS Technology Plan 2019-2022 Background Planning Process Behaviors Values Beliefs Our

NAPLS Technology Plan 2019-2022 Background Planning Process Behaviors Values Beliefs Our Beliefs The use of technology should be intentional, focused and purposeful. Technology is a tool and not a learning outcome. Learning how to

157 views • 11 slides
Niels ten Oever Head of Digital Article19 niels@article19.org nto@jabber.org PGP : 8D9F C567

Niels ten Oever Head of Digital Article19 niels@article19.org nto@jabber.org PGP : 8D9F C567

Niels ten Oever Head of Digital Article19 niels@article19.org nto@jabber.org PGP : 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9 Overview What is systems security Adding Internet to the mix Infrastructure hacking

316 views • 14 slides
The Cascade Gateway Vancouver, BC Whistler, BC 83 km 209 km Bellingham, WA 54 mi 130 mi 1

The Cascade Gateway Vancouver, BC Whistler, BC 83 km 209 km Bellingham, WA 54 mi 130 mi 1

The Cascade Gateway Vancouver, BC Whistler, BC 83 km 209 km Bellingham, WA 54 mi 130 mi 1 hr 3 hrs 226 km 352 km Seattle, WA 141 mi 214 mi 2.5 hrs 4.3 hrs 504 km 629 km Portland, OR 331 mi 391 mi 5 hrs 7 hrs NEXUS & FAST

355 views • 3 slides
Towards the QoS Internet Wojciech Burakowski and Halina Tarasiuk Telecommunication Network

Towards the QoS Internet Wojciech Burakowski and Halina Tarasiuk Telecommunication Network

EURO-VIEW 2007, Wuerzburg, July 23-24, Germany Towards the QoS Internet Wojciech Burakowski and Halina Tarasiuk Telecommunication Network Technologies Group Warsaw University of Technology, Poland tnt.tele.pw.edu.pl Plan Vision of QoS

548 views • 35 slides
Computer Networks and Community Applications Presentation by Air-Stream Wireless Incorporated For

Computer Networks and Community Applications Presentation by Air-Stream Wireless Incorporated For

Computer Networks and Community Applications Presentation by Air-Stream Wireless Incorporated For CISA th November 2004 17 Community Wireless Network Air-Stream Wireless Incorporated PO BOX 301 Walkerville SA 5081 Internet:

204 views • 7 slides
An Architecture for Enabling migration of tactical networks to future flexible Ad Hoc WBWF

An Architecture for Enabling migration of tactical networks to future flexible Ad Hoc WBWF

An Architecture for Enabling migration of tactical networks to future flexible Ad Hoc WBWF SDR11 WInnCommEurope, June 2011 Rationale Operational scenarios Wideband Waveform Architecture requirements Architecture of the Wideband

352 views • 19 slides

More recommend