Overlay Networks and Tunneling Reading: 4.5, 9.4Goals of Today’s LectureOverlay NetworksSlide 4Slide 5IP Tunneling to Build Overlay LinksTunnels Between End HostsSlide 8Overlays for Incremental DeploymentUsing Overlays to Evolve the Internet6Bone: Deploying IPv6 over IP4Secure Communication Over Insecure LinksCommunicating With Mobile UsersIP MulticastMBone: Multicast BackboneMulticast TodayCase Study: Resilient Overlay NetworksRON: Resilient Overlay NetworksRON Circumvents Policy RestrictionsRON Adapts to Network ConditionsRON Customizes to ApplicationsHow Does RON Work?Slide 23RON Works in PracticeRON Limited to Small DeploymentsWe saw tunneling “on top of” IP. What about tunneling “below” IP?Why Tunnel?MPLS OverviewSlide 29Circuit Abstraction: Label SwappingReconsider security problemLayer 3 Virtual Private NetworksLayer 2 vs. Layer 3 VPNsLayer 3 BGP/MPLS VPNsHigh-Level Overview of OperationBGP/MPLS VPN key componentsVirtual Routing and ForwardingForwardingForwarding in BGP/MPLS VPNsSlide 40ConclusionsOverlay Networks and TunnelingReading: 4.5, 9.4COS 461: Computer NetworksSpring 2009 (MW 1:30-2:50 in COS 105)Mike FreedmanTeaching Assistants: Wyatt Lloyd and Jeff Terracehttp://www.cs.princeton.edu/courses/archive/spring09/cos461/1Goals of Today’s Lecture•Motivations for overlay networks–Incremental deployment of new protocols–Customized routing and forwarding solutions•Overlays for partial deployments–6Bone, Mbone, security, mobility, …•Resilient Overlay Network (RON)–Adaptive routing through intermediate node•Multi-protocol label switching (MPLS)–Tunneling at L2.52Overlay Networks3Overlay Networks4Overlay Networks5Focus at the application levelIP Tunneling to Build Overlay Links•IP tunnel is a virtual point-to-point link–Illusion of a direct link between two separated nodes•Encapsulation of the packet inside an IP datagram–Node B sends a packet to node E–… containing another packet as the payload6ABEFtunnelLogical view:Physical view:ABEFTunnels Between End Hosts7ACBSrc: ADest: BSrc: ADest: BSrc: ADest: CSrc: ADest: BSrc: CDest: BOverlay Networks•A logical network built on top of a physical network–Overlay links are tunnels through the underlying network•Many logical networks may coexist at once–Over the same underlying network–And providing its own particular service•Nodes are often end hosts–Acting as intermediate nodes that forward traffic–Providing a service, such as access to files•Who controls the nodes providing service?–The party providing the service –Distributed collection of end users8Overlays for Incremental Deployment9Using Overlays to Evolve the Internet•Internet needs to evolve–IPv6–Security–Mobility–Multicast•But, global change is hard–Coordination with many ASes–“Flag day” to deploy and enable the technology•Instead, better to incrementally deploy–And find ways to bridge deployment gaps106Bone: Deploying IPv6 over IP411ABEFIPv6IPv6IPv6IPv6tunnelLogical view:Physical view:ABEFIPv6IPv6IPv6IPv6CDIPv4IPv4Flow: XSrc: ADest: FdataFlow: XSrc: ADest: FdataFlow: XSrc: ADest: FdataSrc:BDest: EFlow: XSrc: ADest: FdataSrc:BDest: EA-to-B:IPv6E-to-F:IPv6B-to-C:IPv6 insideIPv4B-to-C:IPv6 insideIPv4Secure Communication Over Insecure Links•Encrypt packets at entry and decrypt at exit•Eavesdropper cannot snoop the data•… or determine the real source and destination12Communicating With Mobile Users•A mobile user changes locations frequently–So, the IP address of the machine changes often•The user wants applications to continue running–So, the change in IP address needs to be hidden•Solution: fixed gateway forwards packets–Gateway has a fixed IP address–… and keeps track of the mobile’s address changes13gatewaywww.cnn.comIP Multicast•Multicast–Delivering the same data to many receivers–Avoiding sending the same data many times•IP multicast–Special addressing, forwarding, and routing schemes14unicast multicastMBone: Multicast Backbone•A catch-22 for deploying multicast–Router vendors wouldn’t support IP multicast–… since they weren’t sure anyone would use it–And, since it didn’t exist, nobody was using it•Idea: software implementing multicast protocols–And unicast tunnels to traverse non-participants15Multicast Today•Mbone applications starting in early 1990s–Primarily video conferencing, but no longer operational•Still many challenges to deploying IP multicast–Security vulnerabilities, business models, …•Application-layer multicast is more prevalent–Tree of servers delivering the content–Collection of end hosts cooperating to delivery video•Some multicast within individual ASes–Financial sector: stock tickers–Within campuses or broadband networks: TV shows–Backbone networks: IPTV16Case Study: Resilient Overlay Networks17RON: Resilient Overlay Networks18Premise: by building application overlay network, can increase performance and reliability of routingTwo-hop (app-level)Berkeley-to-Princeton routeapp-layer routerPrincetonYaleBerkeleyhttp://nms.csail.mit.edu/ron/RON Circumvents Policy Restrictions•IP routing depends on AS routing policies–But hosts may pick paths that circumvent policies19USLECPUPatriotISPmeMy home computerRON Adapts to Network Conditions•Start experiencing bad performance–Then, start forwarding through intermediate host20ACBRON Customizes to Applications•VoIP traffic: low-latency path•Bulk transfer: high-bandwidth path21ACBvoicebulk transferHow Does RON Work?•Keeping it small to avoid scaling problems–A few friends who want better service–Just for their communication with each other–E.g., VoIP, gaming, collaborative work, etc.•Send probes between each pair of hosts22ACBHow Does RON Work?•Exchange the results of the probes–Each host shares results with every other host–Essentially running a link-state protocol!–So, every host knows the performance properties•Forward through intermediate host when needed23ACBBRON Works in Practice•Faster reaction to failure–RON reacts in a few seconds–BGP sometimes takes a few minutes•Single-hop indirect routing–No need to go through many intermediate hosts–One extra hop circumvents the problems•Better end-to-end paths–Circumventing routing policy restrictions–Sometimes the RON paths are actually shorter24RON Limited to Small Deployments•Extra latency through intermediate hops–Software delays for packet
View Full Document
Unlocking...