Bootstrapping P2P VPN

Transcription

1 Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Bootstrapping P2P VPN Felix Weißl Chair for Network Architectures and Services Department for Computer Science Technische Universität München April 3, 2014

2 Outline 1 Motivation 2 Network Classification 3 Terms 4 Bootstrapping 1 In unstructured Peer-to-Peer networks 2 In structured Peer-to-Peer-networks 5 Related work 6 Conclusion 2

3 Motivation Client / Server Peer-to-Peer centralized server dependent single point of failure server is bottle-neck secure standard protocols easy connection establishment easy file management decentralized self-organizing robust shared resources (bandwidth, CPU) scalable privacy / security issues bootstrapping problem network speed usually low source: 3

4 Network Classification Virtual Private Networks Centralized e.g. OpenVPN Unstructured Decentralized e.g. Tinc Structured: Distributed Hash Table e.g. GroupVPN, BitTorrent's distributed tracker Hybrid: Super Nodes e.g. N2N 4

5 Terms P2P VPN : - decentralized virtual private network - popular applications: Hamachi, N2N, P2PVPN, Wippien, freelan Bootstrapping: process of a new peer joining the network 5

6 Bootstrapping 1. Peer discovery: - discover the network - request one or more well-known entry points 2. Rendezvous: - try connecting to a peer - traversal of NAT devices 3. Relay: - scenario: NAT traversal fails - third party relays traffic 6

7 Bootstrapping N2N N2N: - encrypted Layer 2 over Layer 3 private P2P network - super nodes build backbone of the network? Source: 7

8 Bootstrapping N2N - Peer discovery: - Required: Global IP address of one super nodes - Peer list through broadcast messages - Rendezvous: - Peer registration - connection attempt - Relay through super nodes as a fall-back method? 8

9 Bootstrapping GroupVPN - Idea: Usage of an existing public network for configuration exchange, e.g. XMPP, BitTorrent, Gnutella, Brunet - Brunet: - self-organizing ring-structured network - nodes organized in well-defined topology - nodes addressable with internal PeerIDs - Distributed Hash Table 9

10 Bootstrapping GroupVPN Distributed Hash Table - distributed data over large P2P network - quick search time for given item - keys mapped to nodes - get / put operations - e.g. get FOOBAR 10

11 Bootstrapping GroupVPN Bootstrapping Peer wants to connect to P2P VPN Private 11

12 Bootstrapping GroupVPN Bootstrapping 1. Peer discovery: peer queries DHT for private network peers 11

13 Bootstrapping GroupVPN Bootstrapping 2. Rendevouz: Exchange connection messages, NAT Traversal 11

14 Bootstrapping GroupVPN Bootstrapping 2. Rendevouz: Exchange connection messages, NAT Traversal 11

15 Bootstrapping GroupVPN Network Address Translation (NAT): - overcome shortage of IPv4 addresses - separation of private and public address space - breaks end-to-end principle - blocks new incoming connections P2P problem NAT A NAT B Source: J. Buford, H. Yu, and E. K. Lua. P2P Networking and Applications. Morgan Kaufmann,

16 Bootstrapping GroupVPN NAT Traversal scenario: Source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages ,

17 Bootstrapping GroupVPN UDP Hole Punching Source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages ,

18 Related work Other techniques for peer discovery: - Social networks: IRC, XMPP - Dynamic DNS - Random Access Probing Other NAT traversal techniques: - manual: port forwarding - TCP hole punching - Autonomous NAT traversal 15

19 Conclusion - NAT still a main issue in P2P bootstrapping - pure P2P VPNs very rare - security mechanisms in existing applications often neglected 16

20 Questions 17