Towards a New Naming Architectures

Ion Stoica, Scott Shenker, and many others…

2

Goals

• Support – Mobility: machine, data, session– Multi-homing, multiple-interfaces

• Make middle-boxes part of architecture• Security

– Better support against DDoS– Anonymity

• …

3

Designs

• Host Identity Protocol (HIP)• Internet Indirection Infrastructure (i3)• Semantic-Free Referencing (SFR)• Layered Naming Architecture (LNA)

4

Designs

Host Identity Protocol (HIP)• Internet Indirection Infrastructure (i3)• Semantic-Free Referencing (SFR)• Layered Naming Architecture (LNA)

5

Host Identity Protocol (HIP)

• Provides: – Fast mobility– Multi-homing– Support for different addressing schemes

• Transparent IPv4 to IPv6 migration – Security

• Anonymity • Secure and authenticate datagrams

6

HIP

• A public key used to identify an end-host

• A 128-bit host identity tag (HIT) used for system calls– HIT is a hash on public key– Global scope

• A 32-bit local scope identifier (LSI) for IPv4 compatibility

HIT replaces IP address as a name of a system

HIT replaces IP address as a name of a system

7

Protocol Stack

Process

Transport

IP Layer

<IPaddr, port>

<IPaddr>

Process

Transport

HIP Layer

IP Layer

<HIT, port>

<IPaddr>

<HIT>

8

HIT

How It Works?

Client app

HIP layer

IPsec

HIPdaemon

DNSlibrary

DNSDNS request

DNS reply =

pubkey (P)

HIT=hash(P)IPaddr

Client app

HIP Layer

IPsec

HIPdaemon

4-way authenticationTransport

HIT

IPaddr, P

send(HIT)

send(HIT)

send(IPaddr)

send(IPaddr)

Transport

9

Designs

• Host Identity Protocol (HIP) Internet Indirection Infrastructure (i3)• Semantic-Free Referencing (SFR)• Layered Naming Architecture (LNA)

10

Internet Indirection Infrastructure (i3)

• Supports:– Mobility– Multi-homing– Anycast– Multicast

• Accommodate middle-boxes• Security

– Anonymity– DoS

11

Internet Indirection Infrastructure (i3)

• Each packet is associated an identifier id• To receive a packet with identifier id,

receiver R maintains a trigger (id, R) into the overlay network

Sender

id Rtrigger

iddata

Receiver (R)

iddata

Rdata

12

Integrate Middle-Boxes

• Use a stack of IDs to encode sequence of operations to be performed on data path

SenderReceiver (R)

idT Tid R

Transcoder (T)

T,iddata

iddata

Rdata

idT,iddata idT,iddata

13

i3 Identifiers

• 256-bit IDs• ID ultimately mapped to an (IPaddr:port)

– Mapping under application control• ID can represent

– A host, flow, service, etc

ID can identify any entity thatcan receive packets

ID can identify any entity thatcan receive packets

14

Sender specific

Protocol Stack

Process

Transport

IP Layer

<IPaddr, port>

<IPaddr>

Process

Transport

i3 layer(IPlocal->ID)

IP Layer

ID/<IPlocal, port>

<IPi3>

<ID>

local scope

15

How It Works?(Native i3 Applications)

Client app

i3 layer

DNSDNS request

DNS reply = id

send(IPi3)

Client app

i3 layer

IP

i3daemon

IP

Transport

id RIPi3

Receiver R

send(id)

Transportsend(id)

send(id)

16

How It Works?(Legacy Applications)

Client app

i3 layer

i3daemon

DNSlibrary

DNSDNS request

DNS reply = id

id

send(IPlocal, port)

send(IPi3)

Client app

i3 layer

IP

i3daemon

IPlocal

id,IPlocal

IP

Transport

id (r:p)IPi3

IP address: r

send(id)

send(r,p)

Transport

17

Designs

• Host Identity Protocol (HIP)• Internet Indirection Infrastructure (i3)Semantic-Free Referencing (SFR)• Layered Naming Architecture (LNA)

18

Goal: Address DNS Limitations

• DNS names identify machines and organizations not data – Data cannot be easily moved – Data cannot be easily replicated

• DNS names are brand names– Political fighting

19

SFR Solution

• Use IDs instead of DNS name• ID space is flat and IDs have no

semantics• A generalization of DNS

– Returns metadata instead of an IP address

• How to implement it?– Use distributed hash-tables (DHTs)!

20

DHT Primer

• Interface– put(id, data)– data = get(id)

• Highly scalable– O(log N) hops to execute an operation

• Highly robust– Can tolerate ~50% of nodes going down

• Highly dynamic– Entries can be changed very fast

21

Designs

• Host Identity Protocol (HIP)• Internet Indirection Infrastructure (i3)• Semantic-Free Referencing (SFR) Layered Naming Architecture (LNA)

22

Layered Naming Architecture (LNA)

• Supports:– Mobility– Multi-homing

• Integrate middle-boxes• Security (through middle-boxes)

– Anonymity– DoS– …

23

A Old Naming Taxonomy

• Four kinds of network entities (Saltzer):– Services (and data)– Hosts (endpoints)– Network attachment points– Paths

• Should name each individually:– Ignore paths (router involvement)– IP addresses name attachment points– Endpoint identifiers (EIDs) name hosts – Service identifiers (SIDs) name services/data

24

Protocol Stack

Process

Transport

IP Layer

<IPaddr, port>

<IPaddr>

Process

Transport

EID↔IP

IP Layer

<EID, port>

<IPaddr>

<EID>

SID↔EID <SID>

25

How It Works?

Client app “DNS”DNS request

DNS reply = sid

send(IPi)

Client app

LNAdaemon

IP

Transport

send(sid)

DHTeid = get(sid)SID↔EI

Dsend(eid)

EID↔IP

send(eid) IP = get(eid)

put(sid, eid)put(eid, IP)

IP

Transport

SID↔EID

EID↔IPIntermediary (IPi)

26

Principles

• Don’t bind to lower-level IDs prematurely – Host mobility and renumbering (HIP)– Service and data migration

• Resolution of name need not point to object itself, but can point to its delegate– Resolution can point to intermediaries who

process packets on behalf of the named target

27

Naming Architecture Requirements

1) There should be a layer in the protocol stack that uses IDs not IP addresses• Mobility, multi-homing, replications, …

2) IDs should be able to name arbitrary objects

3) IDs should encode as little semantics as possible

4) End-points should be able to use indirection at the ID level• Integrate middle boxes

28

How Many ID Layers?

• HIP: one layer; IDs identify machines• SFR: one layer; IDs identify data• i3: one layer; IDs identify arbitrary

objects• LNA: two layers

– EIDs identify machines– SIDs identify everything else

29

When is the Resolution IDIP Done?

• SFR: above transport• HIP: below transport, at HIP layer• i3: in the infrastructure• LNA: below transport

– But IP address can be an intermediate point

30

Security Support?

• HIP: – Authentication, data integrity– Anonymity at transport layer – Transport layer resistance to DoS attacks

• i3– Anonymity at IP layer– Some DoS defense at IP layer– Everything else can be done though middle-

boxes • LNA

– Everything can be done through middle-boxes

31

Resources

• HIP: http://homebase.htt-consult.com/~hip/

• SFR: http://nms.lcs.mit.edu/projects/sfr/• i3: http://i3.cs.berkeley.edu