end middle end architecture for the internet
play

End-Middle-End Architecture for the Internet Olli-Pekka Lamminen - PowerPoint PPT Presentation

Aug 28, 2022 •306 likes •449 views

End-Middle-End Architecture for the Internet Olli-Pekka Lamminen TKK Networking Laboratory Outline End-Middle-End Architecture IRTF EME Research Group Requirements NUTSS Architecture Feasibility Considerations for

  1. End-Middle-End Architecture for the Internet Olli-Pekka Lamminen TKK Networking Laboratory

  2. Outline ● End-Middle-End Architecture ● IRTF EME Research Group – Requirements ● NUTSS – Architecture – Feasibility ● Considerations for EME Architectures ● Future Work ● References

  3. End-Middle-End Architecture ● Middleboxes have changed Internet – End-to-end traffic model has been broken – Firewalls, NATs, etc. ● Middleboxes need to be included in connection establishment – Endpoints should be aware of middle – Endpoints need means to request services

  4. IRTF EME Research Group ● IRTF Established EME RG in 2006 – Set of requirements for EME architectures ● Common naming ● Flow redirection – globally-unique – endpoint > endpoint – long-term stable – middlebox > endpoint – user-friendly – mobile rerouting ● Access control policies ● Protocol negotiation ● 2-way authentication ● Multi-homing ● Multicast – endpoint <> middlebox ● Information protection ● Fast flow initiation – anonymity – optimally 1 st packet – encryption contains data ● Middlebox discovery ● Incremental – when allowed deployment

  5. NUTSS Architecture ● EME compatible architecture – Created by people behind IRTF EME RG ● Policy-aware edge networks connected to policy-free core ● Edge nets have P-Boxes and M-Boxes – P-Box: controls network policies ● form a tree-like hierarchy ● used during name-routed signalling – M-Box: ' regular' middlebox ● just like middleboxes today (NAT, firewall, ...) ● handles data flows ● Endpoints register to P-Boxes

  6. NUTSS Architecture [naming] ● Stable, user-friendly naming – location-independent – 3-tuple (user, domain, service) ● user: not globally-unique, identifies user ● domain: globally-unique, hierarchical DNS name ● service: globally-unique service identifier – Mapped to 5-tuple address during connection establishment ● Assumes the presence of DNS

  7. NUTSS Architecture [name-routed signalling] ● Used to create path for data flow ● Signalling traverses through P-Box tree – Up until core – Down to endpoint ● P-Boxes add next- hop tokens – Tokens used for address routing

  8. NUTSS Architecture [address-routed messages] ● Data flows through M-Boxes ● Routing by next- hop tokens ● Endpoint addresses given during name- routing

  9. NUTSS Feasibility ● Fulfills many IRTF EME requirements – Mobility by short-lived addresses and rapid renegotiation – Multi-homing from location independence – Multicast with extended naming ● 3-tuples changed 4-tuples ● Performance may be an issue – Lots of signalling overhead – Payload in 1 st packet not possible ● Deployment strategy at draft-stage – Which is OK

  10. Considerations [naming] ● Users want user-friendly names ● Names should be if not globally-unique at least scope-unique – Uniqueness requires coordination – Coordination requires authority (NS) ● Mobile endpoints will be commonplace – Changing location requires updating NS – Network registration helps mobility – Registration and updates require authentication

  11. Considerations [middleboxes] ● Middleboxes are already commonplace – Home routers, web proxies, ... ● Endpoints should be aware of them – Awareness enables flexibility – NAT traversal, firewall control, ... ● Middleboxes need means to advertise ● Endpoints need means to request ● Endpoints should be able to trust middleboxes and vice versa – Service authentication is required

  12. Considerations [trust] ● Trust needs to be provided – Joining network – Name and location updates – Middlebox services ● Who trusts whom? – Endpoints vs. Endpoints – Endpoints vs. Networks, Middleboxes – Between the networks – Inside a network ● Who provides the trust? – Trust relationships between operators – 3 rd party trust authorities

  13. References ● IRTF EME Research Group – [http://www3.tools.ietf.org/group/irtf/trac/wiki/EME] ● NUTSS – [http://www3.tools.ietf.org/group/irtf/trac/wiki/EME_NUTSS] – An End-Middle-End Approach to Connection Establishment Guha & Francis: In Proceedings of SIGCOMM'07 ● Middleboxes – Rethinking the Design of the Internet: The End-to-End Arguments vs. the Brave New World Blumenthal & Clark: ACM TOIT, vol.1, no. 1, Aug. 2001 – Middleboxes No Longer Considered Harmful Walafish et al.: In Proceedings of OSDI'04

  14. End-Middle-End Architecture for the Internet Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

5/15/2012 How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been tremendously successful From Architecture to Network Has sustained tremendous growth g Supports very diverse set of applications

484 views • 10 slides
INTERNET HUB FOR THE MIDDLE EAST AND THE BRIDGE BETWEEN EUROPE, AFRICA, AND ASIA UAE- IX is

INTERNET HUB FOR THE MIDDLE EAST AND THE BRIDGE BETWEEN EUROPE, AFRICA, AND ASIA UAE- IX is

UAE-IX INTERNET HUB FOR THE MIDDLE EAST AND THE BRIDGE BETWEEN EUROPE, AFRICA, AND ASIA UAE- IX is the only neutral Internet exchange platform for the Middle East that interconnects global networks, network operators, and content

293 views • 15 slides
End-to-end principle All control in end stations by Dave Clark e.g. error and flow

End-to-end principle All control in end stations by Dave Clark e.g. error and flow

Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 23 in Huitema) Internet-1 S-38.121 / Fall-04 / RKa, NB Internet Architecture Principles End-to-end principle All

893 views • 21 slides
Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

An Architecture for An Architecture for Supporting Future Internet Supporting Future Internet Applications Applications Sebastian Mies Institute of Telematics, University of Karlsruhe (TH), Germany The SpoVNet Consortium: University of

268 views • 11 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture

Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture

Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture Addressing, routing principles Protocols: IPv4, ICMP, ARP (Chapters 23 in Huitema) Internet-1 S-38.2121 / Fall-07 / RKa, NB Ethernet Most

635 views • 26 slides
End-to-end principle by Dave Clark Hop-by-hop control vs. End-to-end control In X.25

End-to-end principle by Dave Clark Hop-by-hop control vs. End-to-end control In X.25

Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 23 in Huitema) Internet-1 S-38.2121 / Fall-06 / RKa, NB Internet Architecture Principles End-to-end principle by Dave

669 views • 23 slides
HAIR: Hierarchical Architecture for Internet Routing Re-Architecting the Internet ReArch 09

HAIR: Hierarchical Architecture for Internet Routing Re-Architecting the Internet ReArch 09

HAIR: Hierarchical Architecture for Internet Routing Re-Architecting the Internet ReArch 09 Wolfgang Mhlbauer ETH Zrich / TU Berlin wolfgang.muehlbauer@tik.ee.ethz.ch Anja Feldmann Luca Cittadini Randy Bush Olaf Maennel Deutsche

403 views • 21 slides
A Fully-Flexible Internet Architecture for the Next-Generation Tactile Internet Mohamed Faten

A Fully-Flexible Internet Architecture for the Next-Generation Tactile Internet Mohamed Faten

2 nd Visions for Future Communications Summit Technologies and Services Towards 6G Introducing FlexNGIA: A Fully-Flexible Internet Architecture for the Next-Generation Tactile Internet Mohamed Faten Zhani cole de technologie suprieure

827 views • 57 slides
An Radical but Incrementally Deployable Vision for Future Internet Architecture James McCauley,

An Radical but Incrementally Deployable Vision for Future Internet Architecture James McCauley,

An Radical but Incrementally Deployable Vision for Future Internet Architecture James McCauley, Yotam Harchol, Aurojit Panda, Barath Raghavan, Scott Shenker (UC Berkeley, NYU, USC, ICSI) The Internet architecture of today Based on IP

477 views • 44 slides
Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun

Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun

Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun Li, Y. Shvartzshnaider, J. Francisco, R. Martin, K. Nagaraja and D. Raychaudhuri WINLAB, Rutgers University October 24-26 th , 2012 October 24-26,

451 views • 21 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on Fire! Lack of sovereignty Frequent outages https://downdetector.com Constant DDoS attacks https://www.digitalattackmap.com

730 views • 48 slides
The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet access QoS Simone Basso Antonio Servetti Juan Carlos De Martin NEXA Center for Internet &amp; Society Politecnico di Torino, Italy

522 views • 14 slides
SEDA: An Architecture for Well-Conditioned Scalable Internet Services Matt Welsh, David Culler,

SEDA: An Architecture for Well-Conditioned Scalable Internet Services Matt Welsh, David Culler,

SEDA: An Architecture for Well-Conditioned Scalable Internet Services Matt Welsh, David Culler, and Eric Brewer presented by Ahn, Ki Yung Staged Event-Driven Architecture Designed for highly concurrent Internet services Applications are

493 views • 13 slides
Internet architecture Ov Over ervie iew Packet switching over circuit switching

Internet architecture Ov Over ervie iew Packet switching over circuit switching

Internet architecture Ov Over ervie iew Packet switching over circuit switching End-to-end principle and Hourglass design Layering of functionality Portland State University CS 430P/530 Internet, Web &amp; Cloud Systems Pac

396 views • 22 slides
Building a Name Service with ZooKeeper Albert Kim Motivation Question: Why do we want a name

Building a Name Service with ZooKeeper Albert Kim Motivation Question: Why do we want a name

Building a Name Service with ZooKeeper Albert Kim Motivation Question: Why do we want a name service? How do we find services in a cluster? Clusters have 1000s of machines running Registering and querying needs to be dynamic

831 views • 8 slides
Thank you NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and Burns &amp; McDonnell

Thank you NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and Burns &amp; McDonnell

Thank you NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and Burns &amp; McDonnell RECYCLINGPARTNERSHIP.ORG You might find us trying to drum up a conversation about: 1. Cody 2. Awareness and Behavior Change Elizabeth 3. Measurement and Data

459 views • 32 slides
Responsive Web Design Josh Hughes hughesjd@missouri.edu What is Responsive Design? A quick

Responsive Web Design Josh Hughes hughesjd@missouri.edu What is Responsive Design? A quick

Responsive Web Design Josh Hughes hughesjd@missouri.edu What is Responsive Design? A quick overview Fluid Grid Fluid Grid Page - 960 px Menu Content Area 215 px 685 px Inset Sidebar 215 px 20 px 20 px left and left margin right margins

890 views • 51 slides
Course Settings, Course Introductions and Announcements Log in to your account Enter the lms

Course Settings, Course Introductions and Announcements Log in to your account Enter the lms

Table of Contents Course Settings, Course Introductions and Announcements .................................................................... 1 Course Resources

696 views • 41 slides
LaGOV LaGOV Version 1.3 Updated: 07/29/2008 Agenda Logistics, Ground Rules &amp;

LaGOV LaGOV Version 1.3 Updated: 07/29/2008 Agenda Logistics, Ground Rules &amp;

Functional Locations Functional Locations Functional Locations LOG- -PM PM- -001 001 LOG LOG-PM-001 July 30, 2008 July 30, 2008 July 30, 2008 LaGOV LaGOV Version 1.3 Updated: 07/29/2008 Agenda Logistics, Ground Rules &amp;

496 views • 21 slides
Research Data Management Laure Perrier Research Data Management Librarian June 10, 2016

Research Data Management Laure Perrier Research Data Management Librarian June 10, 2016

Impactful Biomedical Research: Achieving Quality and Transparency Research Data Management Laure Perrier Research Data Management Librarian June 10, 2016 Objectives To describe the current issues facing researchers with regards to

661 views • 44 slides
Towards Evaluating Named Data Networking for the IoT: A Framework for OMNeT++ Amar Abane 1 2 ,

Towards Evaluating Named Data Networking for the IoT: A Framework for OMNeT++ Amar Abane 1 2 ,

Towards Evaluating Named Data Networking for the IoT: A Framework for OMNeT++ Amar Abane 1 2 , Paul Muhlethaler 3 , Samia Bouzefrane 1 , Mehammed Daoui 2 , and Abdella Battou 4 1 Conservatoire National des Arts et Mtiers - Paris, France 2

558 views • 23 slides
Creating a new framework for census workplace data David Martin 1 , Samantha Cockings 1 , Andrew

Creating a new framework for census workplace data David Martin 1 , Samantha Cockings 1 , Andrew

Creating a new framework for census workplace data David Martin 1 , Samantha Cockings 1 , Andrew Harfoot 1 , Bruce Mitchell 2 , Ian Coady 2 1 University of Southampton, 2 Office for National Statistics NTTS Conference, 11 March 2015 Presentation

346 views • 18 slides

More recommend