Overlay Networks and Tunneling
Reading: 4.5, 9.4
COS 461: Computer Networks
Spring 2009 (MW 1:30-2:50 in COS 105)
Mike Freedman
Teaching Assistants: Wyatt Lloyd and Jeff Terrace
http://www.cs.princeton.edu/courses/archive/spring09/cos461/

Goals of Today's Lecture
• Motivations for overlay networks
  – Incremental deployment of new protocols
  – Customized routing and forwarding solutions
• Overlays for partial deployments
  – 6Bone, Mbone, security, mobility, …
• Resilient Overlay Network (RON)
  – Adaptive routing through intermediate node
• Multi-protocol label switching (MPLS)
  – Tunneling at L2.5

Overlay Networks
[Figure slides: an overlay network drawn on top of the physical network; focus at the application level]

IP Tunneling to Build Overlay Links
• IP tunnel is a virtual point-to-point link
  – Illusion of a direct link between two separated nodes
• Encapsulation of the packet inside an IP datagram
  – Node B sends a packet to node E
  – … containing another packet as the payload
[Figure: logical view A - B - (tunnel) - E - F; physical view A, B, E, F with the tunnel crossing the underlying network]

Tunnels Between End Hosts
[Figure: host A reaches host B through host C. The original packet (Src: A, Dest: B) is encapsulated by A as Src: A, Dest: C; C decapsulates it and re-encapsulates it as Src: C, Dest: B, still carrying Src: A, Dest: B inside]

Overlay Networks
• A logical network built on top of a physical network
  – Overlay links are tunnels through the underlying network
• Many logical networks may coexist at once
  – Over the same underlying network
  – And providing its own particular service
• Nodes are often end hosts
  – Acting as intermediate nodes that forward traffic
  – Providing a service, such as access to files
• Who controls the nodes providing service?
  – The party providing the service
  – Distributed collection of end users

Overlays for Incremental Deployment

Using Overlays to Evolve the Internet
• Internet needs to evolve
  – IPv6
  – Security
  – Mobility
  – Multicast
• But, global change is hard
  – Coordination with many ASes
  – "Flag day" to deploy and enable the technology
• Instead, better to incrementally deploy
  – And find ways to bridge deployment gaps

6Bone: Deploying IPv6 over IPv4
[Figure: logical view A - B - (IPv6 tunnel) - E - F, all links IPv6; physical view A - B - C - D - E - F, where the B-to-E stretch crosses IPv4-only routers C and D. The IPv6 packet (Flow: X, Src: A, Dest: F, data) is unchanged end to end; between B and E it rides inside an IPv4 datagram with Src: B, Dest: E. A-to-B: IPv6; B-to-C: IPv6 inside IPv4; E-to-F: IPv6]
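The encapsulation the 6Bone slide describes, as an added example that is not part of the lecture: tunnel entry node B wraps the unchanged IPv6 packet (Src: A, Dest: F) in an IPv4 datagram addressed Src: B, Dest: E with protocol number 41, and exit node E checks the outer header (version, lengths, checksum, protocol) before handing the inner packet on. All addresses are constructed sample values.

```python
import socket
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number meaning "the payload is an IPv6 packet"

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv6_packet(src: str, dst: str, payload: bytes, next_header: int = 17) -> bytes:
    """Minimal 40-byte IPv6 header (version 6, hop limit 64) followed by the payload."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst) + payload)

def encapsulate(outer_src: str, outer_dst: str, inner: bytes) -> bytes:
    """Tunnel entry (node B): wrap the IPv6 packet in an IPv4 datagram, protocol 41."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                      IPPROTO_IPV6, 0, socket.inet_aton(outer_src), socket.inet_aton(outer_dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + inner

def decapsulate(datagram: bytes) -> bytes:
    """Tunnel exit (node E): validate the outer header, then return the inner IPv6 packet."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4
    total_len = struct.unpack("!H", datagram[2:4])[0]
    if ihl < 20 or ihl > total_len or total_len > len(datagram):
        raise ValueError("inconsistent IPv4 length fields")
    if ipv4_checksum(datagram[:ihl]) != 0:  # a correct header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if datagram[9] != IPPROTO_IPV6:
        raise ValueError("outer protocol is not 41, payload is not tunneled IPv6")
    inner = datagram[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("tunnel payload is not an IPv6 packet")
    return inner

def inner_addresses(ipv6_packet: bytes) -> tuple:
    """The end-to-end flow (A -> F) is read from the inner header, not the outer one."""
    return (socket.inet_ntop(socket.AF_INET6, ipv6_packet[8:24]),
            socket.inet_ntop(socket.AF_INET6, ipv6_packet[24:40]))
```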
Secure Communication Over Insecure Links
• Encrypt packets at entry and decrypt at exit
• Eavesdropper cannot snoop the data
• … or determine the real source and destination

Communicating With Mobile Users
• A mobile user changes locations frequently
  – So, the IP address of the machine changes often
• The user wants applications to continue running
  – So, the change in IP address needs to be hidden
• Solution: fixed gateway forwards packets
  – Gateway has a fixed IP address
  – … and keeps track of the mobile's address changes
[Figure: a mobile host reaching www.cnn.com through a fixed gateway]

IP Multicast
• Multicast
  – Delivering the same data to many receivers
  – Avoiding sending the same data many times
• IP multicast
  – Special addressing, forwarding, and routing schemes
[Figure: unicast versus multicast delivery]
MBone: Multicast Backbone
• A catch-22 for deploying multicast
  – Router vendors wouldn't support IP multicast
  – … since they weren't sure anyone would use it
  – And, since it didn't exist, nobody was using it
• Idea: software implementing multicast protocols
  – And unicast tunnels to traverse non-participants

Multicast Today
• Mbone applications starting in early 1990s
  – Primarily video conferencing, but no longer operational
• Still many challenges to deploying IP multicast
  – Security vulnerabilities, business models, …
• Application-layer multicast is more prevalent
  – Tree of servers delivering the content
  – Collection of end hosts cooperating to deliver video
• Some multicast within individual ASes
  – Financial sector: stock tickers
  – Within campuses or broadband networks: TV shows
  – Backbone networks: IPTV

Case Study: Resilient Overlay Networks

RON: Resilient Overlay Networks
Premise: by building an application overlay network, one can increase the performance and reliability of routing.
[Figure: two-hop (app-level) Berkeley-to-Princeton route through an app-layer router at Yale]
http://nms.csail.mit.edu/ron/

RON Circumvents Policy Restrictions
• IP routing depends on AS routing policies
  – But hosts may pick paths that circumvent policies
[Figure: "My home computer" reaching "me" at PU via Patriot ISP and USLEC]

RON Adapts to Network Conditions
• Start experiencing bad performance
  – Then, start forwarding through intermediate host
[Figure: hosts A, B, C; A reaches B through C]

RON Customizes to Applications
• VoIP traffic: low-latency path
• Bulk transfer: high-bandwidth path
[Figure: hosts A, B, C; bulk transfer takes a different path than VoIP]

How Does RON Work?
• Keeping it small to avoid scaling problems
  – A few friends who want better service
  – Just for their communication with each other
  – E.g., VoIP, gaming, collaborative work, etc.
• Send probes between each pair of hosts
[Figure: hosts A, B, C probing each other]

How Does RON Work?
• Exchange the results of the probes
  – Each host shares results with every other host
  – Essentially running a link-state protocol!
  – So, every host knows the performance properties
• Forward through intermediate host when needed
[Figure: hosts A, B, C; traffic forwarded via the intermediate host]

RON Works in Practice
• Faster reaction to failure
  – RON reacts in a few seconds
  – BGP sometimes takes a few minutes
• Single-hop indirect routing
  – No need to go through many intermediate hosts
  – One extra hop circumvents the problems
• Better end-to-end paths
  – Circumventing routing policy restrictions
  – Sometimes the RON paths are actually shorter

RON Limited to Small Deployments
• Extra latency through intermediate hops
  – Software delays for packet forwarding
  – Propagation delay across the access link
• Overhead on the intermediate node
  – Imposing CPU and I/O load on the host
  – Consuming bandwidth on the access link
• Overhead for probing the virtual links
  – Bandwidth consumed by frequent probes
  – Trade-off between probe overhead and detection speed
• Possibility of causing instability
  – Moving traffic in response to poor performance
  –
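The probe exchange and path selection described in the RON slides, as an added example that is not part of the lecture or of the RON project's own code: every node holds the same table of pairwise probe results (the link-state exchange), and for each application picks either the direct path or the best single-hop indirect path, keeping the current path unless a candidate is clearly better, which damps the instability the last slide warns of. The probe values are constructed.

```python
# Constructed probe results for three overlay nodes A, B, C (sample values, not real data).
# Every node holds this same table after the link-state exchange; each directed virtual
# link maps to (latency_ms, loss_rate, bandwidth_mbps), or None when the probes failed.
PROBES = {
    ("A", "B"): (120.0, 0.02, 100.0),  # direct path: high bandwidth but slow
    ("B", "A"): (120.0, 0.02, 100.0),
    ("A", "C"): (20.0, 0.00, 10.0),
    ("C", "A"): (20.0, 0.00, 10.0),
    ("C", "B"): (25.0, 0.01, 50.0),
    ("B", "C"): (25.0, 0.01, 50.0),
}

def combine(m1, m2):
    """Compose two virtual links: latencies add, losses compound, bandwidth is the bottleneck."""
    return (m1[0] + m2[0], 1 - (1 - m1[1]) * (1 - m2[1]), min(m1[2], m2[2]))

def path_metrics(probes, src, dst):
    """The direct path plus every single-hop indirect path src -> x -> dst (one extra hop only)."""
    nodes = {n for pair in probes for n in pair}
    paths = {}
    if probes.get((src, dst)) is not None:
        paths[(src, dst)] = probes[(src, dst)]
    for x in nodes - {src, dst}:
        first, second = probes.get((src, x)), probes.get((x, dst))
        if first is not None and second is not None:
            paths[(src, x, dst)] = combine(first, second)
    return paths

def choose_path(probes, src, dst, app, current=None, min_gain=0.2):
    """Pick a path per application: VoIP by latency, bulk transfer by bandwidth, else by loss.
    A still-usable `current` path is kept unless the best candidate beats it by `min_gain`,
    so small measurement swings do not move traffic back and forth."""
    paths = path_metrics(probes, src, dst)
    if not paths:
        return None  # no direct path and no working relay: destination unreachable
    idx, better = {"voip": (0, min), "bulk": (2, max)}.get(app, (1, min))
    best = better(paths, key=lambda p: paths[p][idx])
    if current in paths and current != best:
        cur, new = paths[current][idx], paths[best][idx]
        if better is min and new > cur * (1 - min_gain):
            return current  # candidate is not enough lower
        if better is max and new < cur * (1 + min_gain):
            return current  # candidate is not enough higher
    return best
```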