CSE 222a Final Project - UCSD Spring 2007
p2p DNS addressing
Presented by: Anup Tapadia, Alexander Loukissas, Justin Wu
Problem
Why can't we use a DNS address as a primary identifier for a computer to connect from anywhere, anytime? E.g. peter.myworld.com connects to peter
1. NAT – Network address translators
2. Firewalls
Solution
We introduce a p2p DNS addressing scheme that deals with both problems
  Addressing: Host names are decoupled from IP addresses
  Connectivity: Hosts can receive and respond to HTTP requests, even when they are behind a NAT
NATs
Most DSL/Cable routers have a NAT built into them
NATs block incoming connections, making the host inaccessible
Many applications use techniques that "punch UDP holes" through the NATs (e.g. Skype)
The system at a glance
[Diagram. Components: HTTP Client, p2p DNS Server, NAT/Firewall, PC with public IP (Super Server), PC behind NAT. Hosts: john.p2p.net, peter.p2p.net. Cases: Case 1: PC with public IP; Case 2: PC behind NAT.]
Step 1: DNS query for john.p2p.net / DNS query for peter.p2p.net
Step 2: HTTP requests and responses
Step 3: Relay traffic between mobile and PC behind NAT
Step 4: (Optional) TCP hole punching
TCP NAT Traversal
[Sequence diagram. Participants: Client 1, NAT B, P2P DNS Client (Super Server), NAT A, Client 2. Annotations: Passive TCP Listen; Pre-established connection; TCP connect.]
Messages, as labelled in the diagram:
  HTTP Get from A:P1
  Outbound initialize req
  SYN from B:P2 for Super Serv
  HTTP redirect for B:P2
  SYN from B:P2 for NAT A
  SYN from A:P3 to B:P2
  SYN-ACK
  ACK
  Data
p2pDNS Client
Small Java application that provides both addressing and connectivity to the host
Utilizes feedback from STUN and DNS server
Automatically runs in either SuperServer or Client mode
p2pDNS Server Tasks
Overloads standard DNS server, e.g. bind9
Assigns SuperServers to hosts
Maintains information for all online hosts
DNS lookup queries are handled as usual, e.g. by named on port 53
Overhead only on host login/logout
p2pDNS Server Table
Username: Unique username of a host
Password: Required for authentication of the host
Hostname: Permanent FQDN (e.g. john.p2p.net)
SuperServer: True/False
Public IP: Host's public IP address (as reported by STUN)
Private IP: Host's private IP address (as reported by STUN)
NAT type: Based on STUN info
Load: # hosts connected to this SuperServer
ISP: Internet Service provider
Latitude, Longitude: Information for SuperServer election using Geolocation
SS1, SS2: IP addresses of primary and secondary SuperServer
Host logon process
1. Host contacts DNS server on known IP address and port
2. Host sends logon request to the DNS server
3. Based on information from the logon message, the DNS server authorizes the host and if needed, provides the IP address of a SuperServer
4. DNS server updates lookup table
Partial Decentralization
[Diagram with nodes labelled P2PDNS, SS and C.]
Super-server election
Load
  Bandwidth
  Latency
  # of clients logged on
Geographical distance (ip2location.com database)
  Physical distance
  ISP
Availability
Geolocational election
[Figure: coordinate grid with corners labelled -180,180; 180,180; -180,-180; 180,-180 and points labelled 0,0; two distances marked d1 and d2.]
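Added example (not code from the original project): steps 2 to 4 of the host logon process combined with super-server election over the server table. The ranking rule (nearest available SuperServer under a load cap), the PBKDF2 password storage, the field names and every sample row are assumptions made for illustration.

```python
import hashlib, hmac, math, os

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_row(password, public_ip, lat, lon, superserver=False, online=False, load=0):
    salt = os.urandom(16)  # per-user random salt; only the derived hash is stored
    return dict(salt=salt, pw=pw_hash(password, salt), public_ip=public_ip, lat=lat,
                lon=lon, superserver=superserver, online=online, load=load,
                ss1=None, ss2=None)

# Constructed sample table; names, passwords, coordinates and IPs are made up.
TABLE = {
    "alex":   make_row("pw-alex", "203.0.113.5", 32.72, -117.16),
    "justin": make_row("pw-justin", "192.0.2.10", 32.88, -117.23, True, True, 3),
    "maria":  make_row("pw-maria", "198.51.100.20", 40.71, -74.00, True, True, 1),
    "kenji":  make_row("pw-kenji", "192.0.2.30", 32.75, -117.10, True, False, 0),  # offline
    "lena":   make_row("pw-lena", "192.0.2.40", 34.05, -118.24, True, True, 8),    # at capacity
}

def distance_km(a, b):
    """Great-circle (haversine) distance between the coordinates of two rows."""
    p1, p2 = math.radians(a["lat"]), math.radians(b["lat"])
    dlon = math.radians(b["lon"] - a["lon"])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def elect(host, table, max_load=8):
    """Pick up to two SuperServers (SS1, SS2): available, under the load cap, nearest first."""
    ok = [r for r in table.values()
          if r is not host and r["superserver"] and r["online"] and r["load"] < max_load]
    ok.sort(key=lambda r: (distance_km(host, r), r["load"]))
    return ok[:2]

def logon(username, password, nat_type, table):
    """Authenticate the host, assign SuperServers if it is behind a NAT, update the table."""
    row = table.get(username)
    if row is None or not hmac.compare_digest(pw_hash(password, row["salt"]), row["pw"]):
        return None  # unknown user or wrong password: the table is left untouched
    row["online"], row["nat_type"] = True, nat_type
    chosen = elect(row, table) if nat_type != "none" else []
    if chosen:
        chosen[0]["load"] += 1  # the host connects to its primary SuperServer
    ips = [r["public_ip"] for r in chosen] + [None, None]
    row["ss1"], row["ss2"] = ips[0], ips[1]
    return row
```

Offline and full SuperServers are skipped even when they are the closest, so a failed or rejected logon never changes load counters or the SS1/SS2 columns.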
Experimental setup
p2pDNS server
Client behind NAT (alex.p2p.net)
Super Server / client (justin.p2p.net)
Multi threaded HTTP client
Relay Overhead
[Plot: Response Latency. x-axis: Requests/sec (50 to 500); y-axis: Latency (msec) (0 to 700); series: Latency (with relaying), Latency (direct connection).]
Achievements
p2pDNS registration and updates
Serves any HTTP server with any HTTP client
Symmetric NAT traversal through super server relays
Common case TCP traversal through NAT hole punching
Study of geolocational server election
Key Issues
SuperServer failover and fast recovery
Fast DNS cache updates
Effect of low TTL on DNS server load
TCP traversal through various NATs
Security
Conclusion
It works!
TCP NAT hole punching is hard to synchronize but achievable in common cases
Needs moderate central infrastructure
Future Work
Scalability needs to be tested
Failover and recovery
More decentralization
Extend p2pDNS services past HTTP