lec 11_27_sept

8/16/2019 Lec 11_27_Sept

1/33

BITS PilaniPilani Campus

Advanced Computer

Networks (CS ZG525)Virendra S Shekhawat

Department of Computer Science and Information Systems

8/16/2019 Lec 11_27_Sept

2/33

BITS PilaniPilani Campus

First Semester 2015-2016Lecture-11 [27th Sept 2015]

8/16/2019 Lec 11_27_Sept

3/33

BITS Pilani, Pilani CampusFirst Sem 2015-16

Agenda

• Generalization of the Internet’s Point to Point

Communication (i.e. Unicast, Anycast and Multicast) using

Overlay Approach [CH-19] & [CH-20]

–

Reading• Internet Indirection Infrastructure (i3) [Ion Stoica, 2002]

• http://conferences.sigcomm.org/sigcomm/2002/papers/i3.pdf

3Advanced Computer Networks CS G525

8/16/2019 Lec 11_27_Sept

4/33

8/16/2019 Lec 11_27_Sept

5/33


Motivations [2]

• This abstraction allows Internet to be highly scalableand efficient, but…

• … not appropriate for applications that require othercommunications primitives: – Multicast – Anycast

– Mobility

– …

•Key Observation: Virtually all these proposals useindirection – Physical indirection point mobile IP

– Logical indirection pointIP multicast


8/16/2019 Lec 11_27_Sept

6/33


Solution

• Use an overlay network to implement this layer

– Incrementally deployable; don’t need to change IP


8/16/2019 Lec 11_27_Sept

7/33BITS Pilani, Pilani CampusFirst Sem 2015-16

Solution

An indirection layer based on overlay network(decouples sending and receiving)

Multicast Anycast MobilityService

Composition

IP Layer

DHT


8/16/2019 Lec 11_27_Sept


Internet Indirection Infrastructure (i3)

• Each packet is associated an identifier id

• To receive a packet with identifier id , receiver

R maintains a trigger(id , R) into the overlay

network

Sender Receiver (R)

id R

trigger


8/16/2019 Lec 11_27_Sept


Service Model

• API

– sendPacket( p);

– insertTrigger(t );

– removeTrigger(t ) // optional

• Best-effort service model (like IP)

• Triggers periodically refreshed by end-hosts

• ID length: 256 bits


8/16/2019 Lec 11_27_Sept


Mobility

• Host just needs to update its trigger as it

moves from one subnet to another

Sender

Receiver

(R1)

Receiver

(R2)

id R1id R2


8/16/2019 Lec 11_27_Sept


Multicast

• Receivers insert triggers with same identifier

• Can dynamically switch between multicast and

unicast

Sender Receiver (R1)

Receiver (R2)

trigger

id R2

trigger

id R1


8/16/2019 Lec 11_27_Sept

12/33

8/16/2019 Lec 11_27_Sept


Using i3

• Service Composition

– Server initiated

– Receiver initiated

• Large Scale Multicast


8/16/2019 Lec 11_27_Sept


Service Composition: Sender Initiated

• Use a stack of IDs to encode sequence of

operations to be performed on data path

Sender

(MPEG)

Receiver R(JPEG)

ID_ MPEG/JPEG S_ MPEG/JPEGID R

send((ID_MPEG/JPEG,ID), data)

S_MPEG/JPEG

send(ID, data) send(R, data)


8/16/2019 Lec 11_27_Sept


Service Composition: Receiver Initiated

• Receiver can also specify the operations to be

performed on data

Sender(MPEG)

Receiver R

(JPEG)ID_ MPEG/JPEG S_ MPEG/JPEG

ID ID_MPEG/JPEG, R

send(ID, data)

S_MPEG/JPEG

send((ID_MPEG/JPEG,R), data)

send(R, data)


8/16/2019 Lec 11_27_Sept


Large Scale Multicast

• Can create a multicast tree for scalability

R2

R1

R4R3

g

R2

g

R1

g

x

xR4xR3

(g, data)


8/16/2019 Lec 11_27_Sept


Implementation Overview

• ID space is partitioned across infrastructure

nodes

– Each node responsible for a region of ID space

• Each trigger (id, R) is stored at the node

responsible for id

• Use Chord to route triggers and packets to

nodes responsible for their IDs

– O(log N) hops


8/16/2019 Lec 11_27_Sept


Properties

• Robustness, Efficiency, Scalability, Stability – Robustness: refresh triggers , trigger replication, back-up triggers

– Efficiency: Routing optimizations

– Scalability: For n triggers and N servers, each server will store n/N

triggers on an average – Stability: Mapping between triggers and servers is relatively stable

over time.

• Incremental deployment is possible

• Legacy applications can be supported by proxy which insertstriggers on behalf of client

– UDP based applications can be benefitted without any modification


8/16/2019 Lec 11_27_Sept


Example

• ID space [0..63] partitioned across five i3 nodes

• Each host knows one i3 node

• R inserts trigger (37, R); S sends packet (37, data)


8/16/2019 Lec 11_27_Sept


Optimization: Path Length

• Sender/receiver caches i3 node mapping a specific ID

• Subsequent packets are sent via one i3 node


8/16/2019 Lec 11_27_Sept


Public and Private Triggers

•The identifier of a public trigger is known by all end hosts inthe system – e.g. Web server maintains a public trigger to allow any client to

contact it

• Public triggers are long lived while as private triggers exists

only during the duration of the flow• Example:

– Consider a web server B with public trigger (idpub, B)

– Client A chooses a private trigger identifier (ida, A) to contact serverB and insert this trigger into i3, also sends ida to B via its public

trigger – Similarly, server B also insert its private trigger and sends to A via

A’s private trigger

– Now both use private triggers to communicate.

Advanced Computer Networks CS G52522

8/16/2019 Lec 11_27_Sept

23/33


Optimization: Location-aware Triggers

• Well-known (public) trigger for initial rendezvous

• Exchange a pair of (private) triggers well-located

• Use private triggers to send data traffic

Private Triggers:

- S can insert a trigger [1,S] that is stored at server 3

- R can chose a trigger [30,R] that is stored at server 35 23Advanced Computer Networks CS G525

8/16/2019 Lec 11_27_Sept

24/33


Security

• i3 end-points also store routing information

– New opportunities for malicious users

• Goal: make i3 not worse than today’s Internet


8/16/2019 Lec 11_27_Sept

25/33


Some Attacks


8/16/2019 Lec 11_27_Sept

26/33


Eavesdropping: Solutions

•

Attacker can diverts the traffic towards itself (multicastscenario), simply by inserting trigger with desired id

and own IP address

• Solutions

– Use private triggers, periodically change them, multiple

private triggers

– End hosts can use public triggers to choose private triggers

which can be used for data transfer

– Brute force attack is difficult due to the length of the

identifier used (i.e. 256 bits)


8/16/2019 Lec 11_27_Sept

27/33


Trigger hijacking: Solution

• Isolating a host by removing its public trigger• To remove a trigger, attacker also requires IP address of

the host. Is it difficult to get it…?

• Solution – Add another level of indirection

– Server can insert two triggers (idp,x) and (x,S) in place of onetrigger i.e. (idp,S)

– Here x is known to S only and attacker needs x for removing

any of these triggers – Any performance impact …?

• Sol: Receiver can choose x such that both triggers are stored at thesame server


8/16/2019 Lec 11_27_Sept

28/33


DoS Attacks

•Attack on end host: – A malicious user can insert a hierarchy of triggers, in which all

triggers on the last level point to the victim

– A packet send to the trigger at the root of the hierarchy will

cause the packet to be replicated and all replicas to be send tothe victim

• Attack on the infrastructure

– An attacker can create trigger loops by connecting the leaves of

a trigger hierarchy to its root

– In this case each packet sent to the root will be exponentially

replicated!


8/16/2019 Lec 11_27_Sept

29/33


Dos Attack: Solution

• Assumption

– In i3, a trigger that’s points to an end host R is inserted by the

end host itself

• The verification of this assumption can stop attackers to

use hierarchy of triggers to mount a DoS attack

– A nonce packet can be send to the host to verify. If the

receiver fails to answer the nonce then…. – Leaf triggers will be removed from the trigger hierarchy if

verification fails


8/16/2019 Lec 11_27_Sept

30/33


Resource Allocation based

Solution

• Each i3 server uses Fair Queuing to allocate

resources amongst the triggers it stores

– As soon as each trigger reaches its fair share the

excess packets will be dropped

– Hence damage inflicted by the an attacker is only

proportional to the number of triggers it

maintains – Does this technique solve the problem….?


8/16/2019 Lec 11_27_Sept

31/33


Loop Detection

• When a trigger that does not points to an IPaddress is inserted, the server must check forthe possibility of the loop

•

How to detect the loop in i3…? – Send a special packet with a random nonce. If the

packet returns back to the server, the trigger is tobe removed


8/16/2019 Lec 11_27_Sept

32/33


Conclusions

• Indirection – key technique to implement basiccommunication abstractions

– Multicast, Anycast, Mobility, …

• This work

– Advocates for building an efficient Indirection Layer on topof IP

– Explores the implications of changing the communicationabstraction

• For more details, visit – http://i3.cs.berkeley.edu/


http://i3.cs.berkeley.edu/http://i3.cs.berkeley.edu/

8/16/2019 Lec 11_27_Sept

33/33

Thank You !

33

lec 11_27_sept

Documents