Recursive InterNetwork Architecture. A policy-based recursive approach to building a better Internet
|
|
- Alfred Wilkins
- 8 years ago
- Views:
Transcription
1 Recursive InterNetwork Architecture A policy-based recursive approach to building a better Internet Abraham Matta College of Arts & Sciences Computer Science Boston University March
2 Collaborators q PhD Students: Yuefeng Wang Nabeel Akhtar q Alumni: Flavio Esposito, Exegy Karim Mattar, Akamai Vatche Ishakian, BBN Gowtham Boddapati, Akamai Gonca Gursun, Ozyegin U. (Turkey) Joseph Akinwumi q Faculty John Day Lou Chitkushev q Outside Collaborators: Eduard Grasa, i2cat, Spain Eleni Trouva, i2cat, Spain Steve Bunch, TRIA Network Systems Peter DeWolf, TRIA Miguel Ponce de Leon, TSSG, Ireland Patrick Phelan, x-tssg, Ireland Xavier Hesselbach-Serra, UPC, Spain Louis Pouzin, father of connectionless networking 2
3 What s wrong with Ad-Hoc Wireless Network Laptop today s Internet? Wireless Mesh Backbone Cell phone PDA Internet Cellular Data Network Mesh router with gateway Wireless Sensor Network Laptop Sensor Event VoIP + video/tv streaming Sensor PDA Base Station q The brave new world Cell phone larger scale, more diverse technologies new services: content-driven, cloud-based, context-aware, mobile, socially-driven, secure, profitable, q Custom point-solutions: No or little science q Lots of problems: Denial-of-service attacks, bad performance, hard to manage, 3 Sink
4 Questions q Is the Internet s architecture fundamentally broken that we need to clean slate? q Can we find a new architecture that is complete, yet minimal? If so, what is it? q Can we transition to it without requiring everyone to adopt it? q YES q RINA (Recursive InterNetwork Architecture)? Based on Networking is inter-process communication --Robert Metcalfe 72 q YES 4
5 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions
6 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions
7 Internet s view: one big, flat, open net Application Web, , ftp, Application Transport TCP, UDP, IP protocol Transport Network Network Network Data Link DL DL Data Link Physical PHY PHY Physical q There s no building block q The hour-glass model imposed a least common denominator q We named and addressed the wrong things (i.e., interfaces) 7
8 Internet s view: one big, flat, open net Application Web, , ftp, Application Transport Network Data Link Physical TCP, UDP, IP protocol Network DL DL PHY PHY Transport Network Data Link Physical q We exposed addresses to applications q We hacked in middleboxes q Built a network of boxes, rather than networks of processes 8
9 Ex1: Bad Addressing & Routing Want to send message to Bob Alice Bob à I 1 I 1 Bob ` multi-homed destination To: I 1 I 2 q Naming interfaces application bound to a path (point-of-attachment address) huge routing tables q Hard to deal with multihoming and mobility 9
10 Ex2: Ad hoc Scalability & Security Mapping Table can t initiate connection NAT, id A ß à B, id B A NAT B ` To: NAT, id A message To: B, id B message q Network Address Translator aggregates private addresses q NAT acts as firewall preventing attacks on private addresses & ports causing so-called layer violations q Hard to coordinate communication across domains when we want to 10
11 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions
12 Our Solution: divide-and-conquer [ReArch/CoNEXT 08] q Application processes communicate over Distributed IPC Facility (DIF) a distributed application that does IPC q DIF management is internal è better security q IPC processes are application processes to lower DIF s q Recurse as needed è better management & scalability q Well-defined interfaces è predictable service 12
13 Recursive Architecture based on IPC Base Repeat Case 2-DIF 1-DIF 0-DIF 0-DIF 0-DIF node 1 node 2 node 3 node 4 DIF = Distributed IPC Facility (locus of shared state=scope) Policies are tailored to scope of DIF 13
14 RINA allows scoping of services Application Web, , ftp, Transport TCP, UDP, Network IP Network DIF Data Link DL DL DIF Physical PHY PHY DIF Application Transport Network Data Link Physical q The DIF is the building block (layer) and can be composed A DIF has all that is needed to manage a network, i.e. it integrates routing, transport and management q E2E (end-to-end principle) is not relevant! Each DIF layer provides transport flow service/qos over its scope q IPv6 is/was a waste of time! Each DIF layer has its private addresses 14
15 What goes into a DIF? IPC Transfer Delimiting Transfer Relaying/ Muxing PDU Protection DTSV IPC Control RIB IPC Management q Processing at 3 timescales, decoupled by either a State Vector or a Resource Information Base IPC Transfer actually moves the data Applications, e.g., routing, resource allocation, access control, etc. Common Distributed Application Protocol IPC Control (optional) for transmission, error, flow control, etc. IPC Management for routing, resource allocation, locating applications, access control, monitoring lower layer, etc. 15
16 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions
17 Only one Data Transfer Protocol [NetDB 09, PFLDNeT 10] port-id Flow Allocation Local Mapping conn-id DIF q RINA decouples port allocation and access control from data synchronization and transfer q At each end, port and conn ID are allocated dynamically and bound to each other by management (using CDAP) in a hardstate fashion 17
18 Only one Data Transfer Protocol (2) port-id Local Mapping conn-id DIF q Once allocated, Data Transfer can start following Delta-t [Watson 81], a soft-state protocol Timers are necessary and sufficient for data synchronization and transfer Flows without data transfer control are UDP-like. Different policies support different requirements If there is a long idle period, conn state is discarded, but ports remain Conn IDs can be changed during data transfer and bound to same ports 18
19 RINA: Good Transport leads to Better Security [NPSec/ICNP 12] q In RINA, requesting applications never see addresses nor conn IDs No well-known ports Ports, dynamically allocated, are not part of conn IDs Service requested by application name Traditional port scanning attacks not possible Scanning application names is much more difficult, far larger name space port-id Local Mapping conn-id DIF 19
20 RINA: Good Transport leads to Better Security q In RINA, state of data transfer is soft, and conn IDs are allocated dynamically (and can change on the fly) Need to be authenticated and member of the DIF No explicit control messages to fabricate Conn IDs are hard to guess Conn opening and data transfer attacks are harder to mount port-id Local Mapping conn-id DIF 20
21 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions
22 Only One Application Protocol q For management applications, need only one stateless (soft-state) application protocol to access objects It does Read/Write, Create/Delete, Start/Stop q The objects are outside the protocol IPC Transfer Delimiting Transfer Relaying/ Muxing PDU Protection DTSV IPC Control RIB IPC Management Applications, e.g., routing, resource allocation, access control, etc. Common Distributed Application Protocol
23 RINA: Good Addressing private mgmt want to send message to Bob Bob Bob à B DIF B To: B DIF P q Each DIF is privately managed It assigns private node addresses to IPC processes It internally maps app/service name to node address An address is a synonym for an IPC process whose scope is limited to the DIF and may be structured to be useful within the DIF 23
24 RINA: Good Addressing recursive want to send message to Bob Bob DIF B To: B Bà P DIF P B and P are IPC processes on same system q Node address mapped to PoA (point-of-attachment) address q Roles are relative: node address is name for lower DIF, and PoA for higher DIF q Processes on a system are members of various DIF layers 24
25 RINA: Better Scalability & Security secure containers A relay B Public Internet Private Enterprise Network q Nothing more than applications establishing communication Authenticating that A is a valid member of the DIF Initializing it with current DIF information Assigning it an internal address for use in coordinating IPC This is enrollment, i.e., explicit negotiation to join DIF (access control) RINA decouples authentication from connection management and integrity/confidentiality 25
26 Good Design leads to Better Security q In RINA, underlying IPC processes must be authenticated to join DIF only insider attacks possible a hurdle that is not present in TCP/IP networks q Authentication and encryption are applied recursively no shim sublayers application process authentication module IPC process DIF integrity & confidentiality module 26
27 Good Design leads to Better Routing [FutureNet-III 10, WWIC 11, NoF 11, CC 12] source destination q Back to naming-addressing basics [Saltzer 82] Service/app name (location-independent) Node address (location-dependent) PoA address (path-dependent) Path q We clearly distinguish the last 2 mappings q Route: sequence of node addresses q Next-hop node address is mapped to PoA by lower DIF 27
28 Mobility is Inherent MH CH q Mobility is a dynamic form of multihoming q Mobile joins new DIF layers and leaves old ones q Local movement results in local routing updates 28
29 Mobility is Inherent CH q Mobility is a dynamic form of multihoming q Mobile joins new DIF layers and leaves old ones q Local movement results in local routing updates 29
30 Mobility is Inherent CH q Mobility is a dynamic form of multihoming q Mobile joins new DIF layers and leaves old ones q Local movement results in local routing updates 30
31 Simulation Results: RINA vs. LISP vs. [FutureNet-III 10, CC 12] RINA LISP LISP RINA q RINA inherently limits the scope of location update & inconsistency LISP (loc/id split): loc is still path-dependent! q RINA uses direct routing to destination node 31
32 Talk Outline q Problems with today s Internet architecture q Our Recursive IPC-based Net Architecture one IPC layer that repeats over different scopes q One Data Transfer Protocol (DTP) soft-state (ala Delta-t) approach q One Common Distributed Application Protocol (CDAP) stateless (ala CMIP), used by management applications naming & addressing multihoming, mobility q Prototyping, evaluation, conclusions
33 ProtoRINA [TR ,NSDI 13,GREE 13,GREE 14] q Overview Boston University s user-space prototype of the RINA architecture Experimental tool for new (non-ip) applications / policies Teaching tool for networking and distributed systems classes q Status cross-debugging with two other RINA prototypes (IRATI and TRIA) around 55,000 lines of Java code not complete; we continue to modify/add elements code and user manual available online 33
34 RINA Node q Distributed Application Facility (DAF): Distributed Application Processes cooperating to perform a certain function: communication, weather forecast, genomics, etc. q A DIF is a specific DAF whose job is only to provide IPC 34
35 IPC Process Provides communication service for application processes or higher level IPC processes 35
36 RINA API: IRM q Applications use it to allocate / deallocate flows, send / receive data, register / unregister their service 36
37 RINA API: RIB Daemon q Applications use this publish/subscribe API to access objects in a local RIB, or remote RIB (using CDAP) q Configuration files allow for selecting different policies (authentication, routing, etc.) 37
38 Dynamic Formation of a Virtual Private Cloud DIF App1 App2 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF q In RINA, Flow Allocation may involve instantiation of an underlying DIF, if one does not exist 38
39 Dynamic Formation of a Virtual Private Cloud DIF VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF q A new application acts as a relay IPC 39
40 Dynamic Formation of a Virtual Private Cloud DIF App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 40
41 Policy-based Dynamic Service Management [TR ] App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF Layer/DIF Management Layer/DIF Management 41
42 Policy-based Dynamic Service Management Network Management App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 42
43 Policy-based Dynamic Service Management App1 Customer Application DAF App2 Naming Management VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 43
44 Policy-based Dynamic Service Management Application Management App1 Customer Application DAF App2 VPC1 Virtual Private Cloud DIF VPC2 VPC3 E1 E2 Enterprise DIF CP1 CP2 Cloud Provider DIF 44
45 ProtoRINA over the GENI Testbed q Large-scale experimentation for correctness and performance q Run ProtoRINA within a long-lived slice over GENI researchers and educators can opt-in and experiment with programmable management policies 45
46 Example: One-level DIF Topology Node1 Node 2 App A App B Node A Node B Node C IPC 2 IPC 3 IPC 4 IPC 1 IPC 5 DIF IPC 6 IPC 7 IPC 8 Node D Node E Node F q Link-state updates sent every 10 seconds
47 Example: Two-level DIF Topology Node 1 Node 2 App A App B Node B DIF 5 IPC 14 IPC 13 IPC 16 IPC 15 Node A Node C IPC 2 IPC 3 IPC 4 IPC 5 IPC 6 IPC 1 DIF 1 DIF 2 IPC 12 DIF 4 IPC 11 IPC 10 IPC 9 IPC 8 Node D Node E Node F q 0-DIFs: Link-state updates sent every 10 seconds q 1-DIF: Link-state updates sent every 5 seconds IPC 7 DIF 3
48 GENI Resources q each RINA node on one VM from NYU aggregate nine VM s (one runs a naming service) 48
49 Effect of DIF Mgmt & Routing Policies Scoping (2-level DIF) yields faster convergence and less OOO packets with similar routing overhead* * Generally lower routing overhead for larger multi-level DIF topologies
50 How does RINA compare? q Related work: many, but not holistic We claim RINA is more complete and minimal RINA subsumes the mechanisms and policies of other architectural proposals q Security: DIF is a secure container of coordinated IPC processes RINA supports secure address spaces as in XIA q Manageability: DIF defines a scope that is locally managed RINA separates mechanisms from policies RINA has one recursive layer configurable with policies beyond middleware, tunneling, cross-layer approaches RINA supports virtual slices as in Nebula 50
51 How does RINA compare? (2) q Scalability: the multi-level DIF structure limits the scope of control and management Routing table size of a system depends on only those DIFs to which its IPC processes join q Content-based: service/app name is locationindependent, node address is not path-dependent beyond loc/id split approaches RINA supports multihoming and mobility as in Serval or Mobility-First, but inherently via local routing updates RINA supports content discovery as in NDN q Socially-driven / Cloud-based: DIF is dynamically formed to enable IPC among cloud / peer processes 51
52 How does RINA compare? (3) q Adoption: DIF is an overlay, internally managed using only two protocols: data transfer and management q Network neutrality: not relevant User has a choice of which DIF to join DIF differentiates its services via policies mechanisms are the same q Marketplace: individual services of DIFs can be (recursively) composed to offer new user services 52
53 References q q q q q q q [Book 08] John Day. "Patterns in Network Architecture: A Return to Fundamentals". Prentice Hall, Jan [ReArch/CoNEXT 08] John Day, Ibrahim Matta, and Karim Mattar. "Networking is IPC: A Guiding Principle to a Better Internet". In ReArch'08 (with CoNEXT), Madrid, SPAIN, Dec [NetDB 09] Karim Mattar, Ibrahim Matta, John Day, Vatche Ishakian, and Gonca Gursun. "Declarative Transport: A Customizable Transport Service for the Future Internet". In 5 th Int. Workshop on Networking Meets Databases (with SOSP), Big Sky, MT, Oct [PFLDNet 10] Gonca Gursun, Ibrahim Matta, and Karim Mattar. "On the Performance and Robustness of Managing Reliable Transport Connections". In 8 th Int. Workshop on Protocols for Future, Large-Scale and Diverse Network Transports, Lancester, PA, Nov [NPSec/ICNP 12] Gowtham Boddapati, John Day, Ibrahim Matta, and Lou Chitkushev. "Assessing the Security of a Clean-Slate Internet Architecture". In 7 th Workshop on Secure Network Protocols (with ICNP), Austin, Texas, Oct [FutureNet-III 10] Vatche Ishakian, Joseph Akinwumi, Ibrahim Matta. "On the Cost of Supporting Multihoming and Mobility". In 3 rd Int. Workshop on the Network of the Future (with GLOBECOM 2010), Miami, Florida, Dec [WWIC 11] Eleni Trouva, Eduard Grasa, John Day, Ibrahim Matta, Lou Chitkushev, Steve Bunch, Miguel Ponce de Leon, Patrick Phelan, and Xavier Hesselbach-Serra. "Transport over Heterogeneous Networks Using the RINA Architecture. In 9 th Int. Conference on Wired/ Wireless Internet Communications, Barcelona, SPAIN, June
54 References q q q q q q q [NoF 11] John Day, Eleni Trouva, Eduard Grasa, Patrick Phelan, Miguel Ponce de Leon, Steve Bunch, Ibrahim Matta, Lou Chitkushev, and Louis Pouzin. "Bounding the Router Table Size in an ISP Network using RINA". In 2 nd Int. Conference on Network of the Future, Universite Pierre et Marie Curie, Paris, FRANCE, Nov [CC 12] Vatche Ishakian, Joseph Akinwumi, Flavio Esposito, Ibrahim Matta. "On Supporting Mobility and Multihoming in Recursive Internet Architectures". Computer Communications, Volume 35 Issue 13, July [TR ] Yuefeng Wang, Flavio Esposito, Ibrahim Matta and John Day. Boston University s RINA Prototype: Programming Manual. Technical Report BUCS-TR , Boston University, [NSDI 13] Flavio Esposito, Yuefeng Wang, Ibrahim Matta and John Day. "Dynamic Layer Instantiation as a Service". Demo at USENIX Symp. on Networked Systems Design and Implementation, Lombard, IL, April [GREE 13] Yuefeng Wang, Flavio Esposito and Ibrahim Matta. "Demonstrating RINA using the GENI Testbed". In 2 nd GENI Research and Educational Experiment Workshop, Salt Lake City, Utah, Mar [GREE 14] Yuefeng Wang, Ibrahim Matta and Nabeel Akhtar. "Experimenting with Routing Policies using ProtoRINA over GENI". In 3 rd GENI Research and Educational Experiment Workshop, Atlanta, Georgia, Mar [TR ] Yuefeng Wang, Flavio Esposito, Ibrahim Matta and John Day. "RINA: An Architecture for Policy-Based Dynamic Service Management". Technical Report BUCS- TR , Boston University,
55 irati.eu pouzinsociety.org 55
Assessing the Security of a Clean-Slate Internet Architecture
Assessing the Security of a Clean-Slate Internet Architecture Security as Byproduct of Decoupling Different Concerns GOWTHAM BODDAPATI Akamai Technologies Cambridge, MA gboddapa@akamai.com JOHN DAY Metropolitan
More informationAssessing the Security of a Clean-Slate Internet Architecture
Assessing the Security of a Clean-Slate Internet Architecture Gowtham Boddapati John Day Ibrahim Matta Lou Chitkushev Metropolitan College College of Arts & Science Computer Science, Boston University
More informationNetwork Forensics in a Clean-Slate Internet Architecture
Network Forensics in a Clean-Slate Internet Architecture Tinus Strauss Department of Computer Science University of Pretoria, South Africa Email: tstrauss@cs.up.ac.za Martin S. Olivier Department of Computer
More informationLoad Balancing in Recursive Networks using Whatevercast Names
Load Balancing in Recursive Networks using Whatevercast Names E. Elahi, J. Barron, M. Crotty, Miguel Ponce de Leon and S. Davy Email: {eelahi, jbarron, mcrotty, miguelpdl, sdavy} @tssg.org Telecommunication
More informationIRATI - Investigating RINA as an Alternative to TCP/IP
Títol de la presentació de powerpoint IRATI - Investigating RINA as an Alternative to TCP/IP FIRE Engineering Workshop, Ghent, Belgium November 6th, 2012 Sergi Figuerola Project coordinator Director @
More informationExperimental evaluation of a Recursive InterNetwork Architecture prototype
Experimental evaluation of a Recursive InterNetwork Architecture prototype Sander Vrijders, Dimitri Staessens, Didier Colle (Ghent University iminds) Francesco Salvestrini, Vincenzo Maffione (Nextworks
More informationGENI Network Virtualization Concepts
GENI Network Virtualization Concepts Alexander Gall 22.2.2007 EFNI Workshop, Amsterdam 2007 SWITCH The GENI initiative GENI: Global Environment for Network Innovations. Initiative planned
More information10CS64: COMPUTER NETWORKS - II
QUESTION BANK 10CS64: COMPUTER NETWORKS - II Part A Unit 1 & 2: Packet-Switching Networks 1 and Packet-Switching Networks 2 1. Mention different types of network services? Explain the same. 2. Difference
More informationBOSTON UNIVERSITY METROPOLITAN COLLEGE. Thesis PATTERNS IN NETWORK SECURITY: AN ANALYSIS OF ARCHITECTURAL COMPLEXITY IN SECURING
BOSTON UNIVERSITY METROPOLITAN COLLEGE Thesis PATTERNS IN NETWORK SECURITY: AN ANALYSIS OF ARCHITECTURAL COMPLEXITY IN SECURING RECURSIVE INTER-NETWORK ARCHITECTURE NETWORKS by JEREMIAH SMALL B.S., University
More informationUnderstanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX
APPENDIX A Introduction Understanding TCP/IP To fully understand the architecture of Cisco Centri Firewall, you need to understand the TCP/IP architecture on which the Internet is based. This appendix
More informationMobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744. The problem
Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744 The problem How to support mobile users What do we mean by support? Make it easy and convenient to effectively
More informationNetwork Virtualization: A Tutorial
Network Virtualization: A Tutorial George N. Rouskas Department of Computer Science North Carolina State University http://rouskas.csc.ncsu.edu/ Network Virtualization: A Tutorial OFC 2012, March 2012
More informationInternet Protocol (IP) IP - Network Layer. IP Routing. Advantages of Connectionless. CSCE 515: Computer Network Programming ------ IP routing
Process Process Process Layer CSCE 515: Computer Network Programming ------ IP routing Wenyuan Xu ICMP, AP & AP TCP IP UDP Transport Layer Network Layer Department of Computer Science and Engineering University
More informationSOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall
SOFTWARE ENGINEERING 4C03 Computer Networks & Computer Security Network Firewall HAO WANG #0159386 Instructor: Dr. Kartik Krishnan Mar.29, 2004 Software Engineering Department of Computing and Software
More informationMetroNet6 - Homeland Security IPv6 R&D over Wireless
MetroNet6 - Homeland Security IPv6 R&D over Wireless By: George Usi, President, Sacramento Technology Group and Project Manager, California IPv6 Task Force gusi@sactechgroup.com Acknowledgement Reference:
More informationNetwork Security TCP/IP Refresher
Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)
More informationProtocols. Packets. What's in an IP packet
Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets
More informationNetwork Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.
Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.20 Long term and short term solutions to Internet scalability
More informationIntegrating Security, Mobility, and Multi-Homing in a HIP way
Integrating Security, Mobility, and Multi-Homing in a way Pekka Nikander Ericsson Research Nomadiclab & Helsinki Institute for Information Technology Outline The problem: TCP/IP is getting old Locators
More information5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network
5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:
More informationAERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP
AERONAUTICAL COMMUNICATIONS PANEL (ACP) Working Group I - 7 th Meeting Móntreal, Canada 2 6 June 2008 Agenda Item x : ATN and IP Information Paper Presented by Naoki Kanada Electronic Navigation Research
More informationInternet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation
Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu These slides are
More informationNetworking Test 4 Study Guide
Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.
More informationwww.mindteck.com 6LoWPAN Technical Overview
www.mindteck.com 6LoWPAN Technical Overview 6LoWPAN : Slide Index Introduction Acronyms Stack Architecture Stack Layers Applications IETF documents References Confidential Mindteck 2009 2 6LoWPAN - Introduction
More informationSBSCET, Firozpur (Punjab), India
Volume 3, Issue 9, September 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Layer Based
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationDesign of a SIP Outbound Edge Proxy (EPSIP)
Design of a SIP Outbound Edge Proxy (EPSIP) Sergio Lembo Dept. of Communications and Networking Helsinki University of Technology (TKK) P.O. Box 3000, FI-02015 TKK, Finland Jani Heikkinen, Sasu Tarkoma
More informationTrack 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT
Track 2 Workshop PacNOG 7 American Samoa Firewalling and NAT Core Concepts Host security vs Network security What is a firewall? What does it do? Where does one use it? At what level does it function?
More informationInternet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation
Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu IEEE Distinguished
More information12. Firewalls Content
Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall
More informationValidating the System Behavior of Large-Scale Networked Computers
Validating the System Behavior of Large-Scale Networked Computers Chen-Nee Chuah Robust & Ubiquitous Networking (RUBINET) Lab http://www.ece.ucdavis.edu/rubinet Electrical & Computer Engineering University
More informationG-Lab: A Future Generation Internet Research Platform
Institute of Computer Science Department of Distributed Systems Prof. G-Lab: A Future Generation Internet Research Platform www3.informatik.uni-wuerzburg.de Institute of Computer Science University of
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationCSE 3461 / 5461: Computer Networking & Internet Technologies
Autumn Semester 2014 CSE 3461 / 5461: Computer Networking & Internet Technologies Instructor: Prof. Kannan Srinivasan 08/28/2014 Announcement Drop before Friday evening! k. srinivasan Presentation A 2
More informationSANE: A Protection Architecture For Enterprise Networks
Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS
More informationISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2
1 ISTANBUL 1.1 MPLS overview 1 1.1.1 Principle Use of a ATM core network 2 Overlay Network One Virtual Circuit per communication No routing protocol Scalability problem 2 1.1.1 Principle Weakness of overlay
More informationSOFTWARE DEFINED NETWORKS REALITY CHECK. DENOG5, Darmstadt, 14/11/2013 Carsten Michel
SOFTWARE DEFINED NETWORKS REALITY CHECK DENOG5, Darmstadt, 14/11/2013 Carsten Michel Software Defined Networks (SDN)! Why Software Defined Networking? There s a hype in the industry!! Dispelling some myths
More informationInternet Ideal: Simple Network Model
Middleboxes Reading: Ch. 8.4 Internet Ideal: Simple Network Model Globally unique identifiers Each node has a unique, fixed IP address reachable from everyone and everywhere Simple packet forwarding Network
More informationTomás P. de Miguel DIT-UPM. dit UPM
Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationIP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31
IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011
More informationDistributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationSECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET
SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET MR. ARVIND P. PANDE 1, PROF. UTTAM A. PATIL 2, PROF. B.S PATIL 3 Dept. Of Electronics Textile and Engineering
More informationInternet inter-as routing: BGP
Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means to: 1. Obtain subnet reachability information from neighboring ASs. 2. Propagate the reachability
More informationLoad Balancing. Final Network Exam LSNAT. Sommaire. How works a "traditional" NAT? Un article de Le wiki des TPs RSM.
Load Balancing Un article de Le wiki des TPs RSM. PC Final Network Exam Sommaire 1 LSNAT 1.1 Deployement of LSNAT in a globally unique address space (LS-NAT) 1.2 Operation of LSNAT in conjunction with
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationCS 457 Lecture 19 Global Internet - BGP. Fall 2011
CS 457 Lecture 19 Global Internet - BGP Fall 2011 Decision Process Calculate degree of preference for each route in Adj-RIB-In as follows (apply following steps until one route is left): select route with
More informationHow To Understand The History Of The Network And Network (Networking) In A Network (Network) (Netnet) (Network And Network) (Dns) (Wired) (Lannet) And (Network Network)
COMPUTER NETWORKS LECTURES DR.PETER G. GYARMATI Research professor Lectures of P. G. Gyarmati 1. page 1999.-2006. 1999.-2006. This page is intentionally left blank Lectures of P. G. Gyarmati 2. page 1999.-2006.
More informationHow To Write A Transport Layer Protocol For Wireless Networks
Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security
More informationCommunications and Computer Networks
SFWR 4C03: Computer Networks and Computer Security January 5-8 2004 Lecturer: Kartik Krishnan Lectures 1-3 Communications and Computer Networks The fundamental purpose of a communication system is the
More informationFacility Usage Scenarios
Facility Usage Scenarios GDD-06-41 GENI: Global Environment for Network Innovations December 22, 2006 Status: Draft (Version 0.1) Note to the reader: this document is a work in progress and continues to
More information1.264 Lecture 37. Telecom: Enterprise networks, VPN
1.264 Lecture 37 Telecom: Enterprise networks, VPN 1 Enterprise networks Connections within enterprise External connections Remote offices Employees Customers Business partners, supply chain partners Patients
More informationSoftware Defined Networking & Openflow
Software Defined Networking & Openflow Autonomic Computer Systems, HS 2015 Christopher Scherb, 01.10.2015 Overview What is Software Defined Networks? Brief summary on routing and forwarding Introduction
More informationHow To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib
NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application
More informationTransport and Network Layer
Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationCS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012
CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012 Important: The solutions to the homework problems from the course book have been provided by the authors.
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationVPN Lesson 2: VPN Implementation. Summary
VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users
More informationDoes SDN accelerate network innovations? Example of Flexible Service Creation
Does SDN accelerate network innovations? Example of Flexible Service Creation Andreas Gladisch VP Convergent Networks and Infrastructure, Telekom Innovation Labs 24.10.2012 Do you know what this is? Zuse
More informationExperimental Comparison of Routing and Middleware Solutions for Mobile Ad Hoc Networks: Legacy vs Cross-Layer Approach
Experimental Comparison of Routing and Middleware Solutions for Mobile Ad Hoc Networks: Legacy vs Cross-Layer Approach E. Borgia, M. Conti, F.Delmastro, and E. Gregori Pervasive Computing & Networking
More informationNetwork performance in virtual infrastructures
Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso
More informationThe TCP/IP Reference Model
The TCP/IP Reference Model The TCP/IP Model Comparison to OSI Model Example Networks The TCP/IP Model Origins from ARPANET, DoD research network ARPA - Advanced Research Projects Agency Reliability was
More informationCSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required
CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required Current Catalog Description: Computer network architectures and their application to industry needs.
More informationPrivate Industry Role in Next Generation Internet. Bob Aiken. NGI Project Leader DOE er.doe..doe.gov Large Scale Networking Working Group June 1997
Private Industry Role in Next Generation Internet Bob Aiken NGI Project Leader DOE aiken@er er.doe..doe.gov Large Scale Networking Working Group June 1997 NGI: Foundation for the Future Points to Remember
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationDefinition. A Historical Example
Overlay Networks This lecture contains slides created by Ion Stoica (UC Berkeley). Slides used with permission from author. All rights remain with author. Definition Network defines addressing, routing,
More informationLayered Architectures and Applications
1 Layered Architectures and Applications Required reading: Garcia 2.1, 2.2, 2.3 CSE 3213, Fall 2010 Instructor: N. Vlajic 2 Why Layering?! 3 Montreal London Paris Alice wants to send a mail to Bob and
More informationIPv6 Fundamentals Ch t ap 1 er I : ntroducti ti t on I o P IPv6 Copyright Cisco Academy Yannis Xydas
IPv6 Fundamentals Chapter 1: Introduction ti to IPv6 Copyright Cisco Academy Yannis Xydas The Network Today The Internet of today is much different that it was 30, 15 or 5 years ago. 2 Technology Tomorrow
More informationIAB IPv6 Multi-Homing BOF. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI
IAB IPv6 Multi-Homing BOF Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI Multi-homing Problems Inbound to the destination traffic engineering is needed Current
More informationIPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date
IPv4 and IPv6 Integration Formation IPv6 Workshop Location, Date Agenda Introduction Approaches to deploying IPv6 Standalone (IPv6-only) or alongside IPv4 Phased deployment plans Considerations for IPv4
More informationInternet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks
Internet Peering, IPv6, and NATs Mike Freedman V22.0480-005 Networks Internet Peering Review: Routing Internet has a loose hierarchy of domains Hosts now local router Local routers know site routers Site
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationWhy ISPs need SDN: SDN-based Network Service Chaining and Software-defined Multicast
Why ISPs need SDN: SDN-based Network Chaining and Software-defined Multicast ZKI Herbsttagung, Kaiserslautern, Germany, 24. Sept. 2014 Jeremias Blendin, Julius Rückert, David Hausheer Department of Electrical
More information19531 - Telematics. 9th Tutorial - IP Model, IPv6, Routing
19531 - Telematics 9th Tutorial - IP Model, IPv6, Routing Bastian Blywis Department of Mathematics and Computer Science Institute of Computer Science 06. January, 2011 Institute of Computer Science Telematics
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More informationInternet Architecture
Internet Architecture CSE 561 Lecture 2, Spring 2002 David Wetherall The OSI layering Model End host Application Presentation Session Top four layers are end-to-end Lower 3 layers are peer-to-peer End
More informationwww.alcatel-lucent.com
Dynamic Compact Routing Project www.alcatel-lucent.com Kick-off meeting - Jan 16, 2009 INRIA Sophia-Antipolis Dimitri Papadimitriou Alcatel-Lucent BELL NV dimitri.papadimitriou@alcatel-lucent.be 1 September
More informationInternet Infrastructure Measurement: Challenges and Tools
Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with
More informationCisco PIX vs. Checkpoint Firewall
Cisco PIX vs. Checkpoint Firewall Introduction Firewall technology ranges from packet filtering to application-layer proxies, to Stateful inspection; each technique gleaning the benefits from its predecessor.
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationIP Subnetting and Addressing
Indian Institute of Technology Kharagpur IP Subnetting and Addressing Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 6: IP Subnetting and Addressing
More informationFlow processing and the rise of the middle.
Flow processing and the rise of the middle. Mark Handley, UCL With acknowledgments to Michio Honda, Laurent Mathy, Costin Raiciu, Olivier Bonaventure, and Felipe Huici. Part 1 Today s Internet Protocol
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationCHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs
CHAPTER 6 VOICE COMMUNICATION OVER HYBRID MANETs Multimedia real-time session services such as voice and videoconferencing with Quality of Service support is challenging task on Mobile Ad hoc Network (MANETs).
More informationTopics. Computer Networks. Let s Get Started! Computer Networks: Our Definition. How are Networks Used by Computers? Computer Network Components
Topics Use of networks Network structure Implementation of networks Computer Networks Introduction Let s Get Started! Networking today: Where are they? Powerful computers are cheap Networks are everywhere
More informationWhat would you like to protect?
Network Security What would you like to protect? Your data The information stored in your computer Your resources The computers themselves Your reputation You risk to be blamed for intrusions or cyber
More informationINTRODUCTION TO NETWORK VIRTUALIZATION
1 INTRODUCTION TO NETWORK VIRTUALIZATION Wednesday, May 14, 2008 Mosharaf Chowdhury Member, envy Project What is Virtualization? 2 Transparent abstraction of computing platform and resources Multiple logical
More informationSAVI/GENI Federation. Research Progress. Sushil Bhojwani, Andreas Bergen, Hausi A. Müller, Sudhakar Ganti University of Victoria.
SAVI/GENI Federation Research Progress Sushil Bhojwani, Andreas Bergen, Hausi A. Müller, Sudhakar Ganti University of Victoria. Canada Outline Introduction SAVI/GENI Federation objectives Work Involved
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationData Communication Networks Introduction
Data Communication Networks Introduction M. R. Pakravan Department of Electrical Engineering Sharif University of Technology Data Networks 1 Introduction The course introduces the underlying concepts and
More informationSoftware-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments
Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments Aryan TaheriMonfared Department of Electrical Engineering and Computer Science University of Stavanger
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More information(Refer Slide Time: 02:17)
Internet Technology Prof. Indranil Sengupta Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No #06 IP Subnetting and Addressing (Not audible: (00:46)) Now,
More informationHow To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)
Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network
More informationBasic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet
Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected
More information