i-2 Internet problems
Taekyoung
scalability
• Network prefix keeps increasing
  – Superlinearly
• Forwarding info base (FIB) size increases
  – routers in Default free zone (DFZ)
Why increase?
Source: bgp.potaroo.net
• Multi-homing
• Traffic engineering
• Non-aggregatable prefix allocation
Multi-homing
• reliability
[Figure labels: company1; ISP1, ISP2; 3.0.0.0/8, 4.0.0.0/8; 3.4.0.0/16, 3.4.0.0/16]
Traffic engineering (1/2)
• E.g. load balancing
[Figure labels: ISP2; ISP1; 4.0.0.0/8; 3.4.0.0/16, 3.4.0.0/16]
Traffic engineering (2/2)
• E.g. load balancing
[Figure labels: ISP2; ISP1; 4.0.0.0/8; 3.4.1.0/24, 3.4.0.0/16; 3.4.2.0/24]
Why does routing scalability matter?
• FIB is expensive
ViAggre, “Making routers last longer with ViAggre”, NSDI ’09
Virtual aggregation (ViAggre)
ViAggre: Basic Idea
Data plane operations
Route stretch
Ingress -> aggregation point
Aggregation point -> egress
scalability
• LISP (locator identifier separation protocol)
mobility
• Session continuity
  – TCP/IP socket
    • IP address is fixed
  – IP address is changed with mobility
• Initial lookup
  – DNS assumes static binding between domain name and IP address
  – What if IP address of a host changes dynamically?
mobility
• Destination mobility
  – Client changes her point of attachment during session
• Source mobility
  – What if source moves?
• What if both endpoints change their points of attachment simultaneously?
Taxonomy: mobility proposals
• L3
  – MIPv4, MIPv6, PMIP
• L4
• Shim layer
IP mobility problem
• Internet hosts/interfaces are identified by IP address
  – Host identifier
  – Locator
• Moving to another network requires different network address
  – But this would change the host’s identity
  – How can we still reach that host?
Routing for mobile hosts
[Figure labels: CH, MH, home network, foreign network]
MH = mobile host, CH = correspondent host
How to direct packets to moving hosts transparently?
5 slides are from Scott Midkiff @VT hereafter
Host-specific routes
• There are numerous routers
• There will be even more mobile hosts
• Whenever a host changes its address, the change may have to be propagated across the Internet
LD (location directory)
• identifier: location
• home address (HoA): care-of address (CoA)
Mobile IP
Proxy Mobile IP
L4 Proposals
• MSOCKS
  – “MSOCKS: An Architecture for Transport Layer Mobility,” INFOCOM ’98
• SCTP
  – RFC 4960, “Stream Control Transmission Protocol”
• Migrate
  – “An End-to-End Approach to Host Mobility,” MobiCom ’00
Migrate
• Locate hosts through existing DNS
  – Secure, dynamic DNS is currently deployed and widely available (RFC 2137)
  – Maintains standard IP addressing model
    • IP addresses are topological addresses, not IDs
    • Fundamental to Internet scaling properties
• Ensure seamless connectivity through connection migration
  – Notify only the current set of correspondent hosts
  – Follows from the end-to-end argument
Migrate Architecture
DNS Server
Mobile Host foo.bar.edu
Location Query (DNS Lookup)
Connection Initiation
Location Update (Dynamic DNS Update)
Connection Migration
xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
Correspondent Host
Shim layer: Insert an ID-locator mapping layer
• Shim6
  – Level 3 Multihoming Shim Protocol for IPv6, RFC 5533
• HIP
  – Host Identity Protocol (HIP) Architecture, RFC 4423
Content delivery efficiency
• P2P: BitTorrent
• CDN
• IP multicasting
• Wireless multicasting/broadcasting
• CCN
Content centric networking
• FIB Scalability
• Source mobility
• Cache-BW tradeoff
Security: DDoS
• DDoS
  – Filtering-based
  – Capability-based
Security: PKI
• PKI is vulnerable
  – Certificate chain
• certificate
Digital Certificate
“I officially approve the relation between the holder of this certificate (the user) and this particular public key.”
Source: Atul Kahate
Digital Certificate Signed by CA
Digital Certificate
Subject Name: …
Public Key: …
…
CA’s Digital Signature
To verify this certificate, we need to de-sign it using the CA’s public key. If we can de-sign the certificate, we can safely assume that the certificate is valid.
“de-sign” means to verify the message digest of the certificate using the CA’s public key
CA Hierarchy
[Figure: CA tree. Root CA; Second Level CA (three shown); Third Level CA (four shown); …]
PKI threats
• Everybody can be a CA
• A naïve/reckless/malicious CA may issue a certificate to a malicious entity.
• The malicious entity runs a bogus server
  – Say, citibank.com
• Somehow the DNS response for citibank.com has the IP address of the malicious entity
• Then what?
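The "de-sign" check and the CA-hierarchy threat above, worked through as an added example (not from the slides). Textbook RSA over small constructed keys stands in for real X.509 signatures; the CA names "CA-A" and "CA-B", the leaf key values and the `pinned_issuers` check are assumptions made for illustration.

```python
import hashlib

M = lambda k: 2**k - 1    # Mersenne primes, used only to build toy keys

def make_key(p, q, e=65537):
    """Textbook RSA key (n, e, d); constructed toy values, not for real use."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def digest(cert, n):
    tbs = repr((cert["subject"], cert["pub"], cert["issuer"], cert["is_ca"]))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(subject, pub, issuer, issuer_key, is_ca=False):
    cert = {"subject": subject, "pub": pub, "issuer": issuer, "is_ca": is_ca}
    n, _, d = issuer_key
    cert["sig"] = pow(digest(cert, n), d, n)    # CA signs the message digest
    return cert

def de_sign(cert, issuer_pub):
    """The slide's 'de-sign': check the digest with the CA's public key."""
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert, n)

def validate(chain, hostname, roots, pinned_issuers=None):
    """chain = [leaf, intermediate, ...]; top cert must be signed by a trusted root."""
    if chain[0]["subject"] != hostname:
        return False
    for cert, parent in zip(chain, chain[1:]):
        if not (parent["is_ca"] and cert["issuer"] == parent["subject"]
                and de_sign(cert, parent["pub"])):
            return False
    root_pub = roots.get(chain[-1]["issuer"])
    if root_pub is None or not de_sign(chain[-1], root_pub):
        return False
    # Added mitigation (not on the slides): accept only the expected issuer.
    return pinned_issuers is None or chain[0]["issuer"] in pinned_issuers

# Constructed hierarchy: one root, two second-level CAs, two leaf certificates.
ROOT, CA_A, CA_B = make_key(M(107), M(127)), make_key(M(61), M(89)), make_key(M(19), M(31))
ROOTS = {"Root CA": ROOT[:2]}
ca_a = issue("CA-A", CA_A[:2], "Root CA", ROOT, is_ca=True)
ca_b = issue("CA-B", CA_B[:2], "Root CA", ROOT, is_ca=True)
genuine = issue("citibank.com", (1234577, 65537), "CA-A", CA_A)
bogus = issue("citibank.com", (7654321, 65537), "CA-B", CA_B)    # reckless CA-B

print(validate([genuine, ca_a], "citibank.com", ROOTS))          # True
print(validate([bogus, ca_b], "citibank.com", ROOTS))            # True: any trusted CA suffices
print(validate([bogus, ca_b], "citibank.com", ROOTS, {"CA-A"}))  # False: issuer not expected
```

Plain chain validation cannot tell the two citibank.com certificates apart, because both chain to the same trusted root; only the extra issuer constraint separates them.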
Video adaptation
• How to maximize users’ QoE in a cell or a group of cells in adaptive multimedia framework
• QoS: throughput, delay, jitter, loss
• QoE: PSNR, MOS, zapping time
Rate Adaptation is a must
• Different devices
• Link/path bandwidth
• Dynamics
[Figure labels: 2Mb/s, 1Mb/s, 0.2Mb/s, 0.5Mb/s]
Online transrating/transcoding
• Original video is modified
Netmanias, 2012
Dynamic Adaptive Streaming over HTTP (DASH)
• Segments for multiple quality levels
Thomas Stockhammer, Qualcomm
Scalable video coding (SVC)
• Multiple layers for progressive quality enhancement
[Figure labels: Layered Encoder; Layer 1, Layer 2, Layer 3, …, Layer l; Layered Video; Base layer; Enhancement Layer]
Spatio-Temporal-Quality Cube
* MDC: multiple description coding
Location-based Mobile Networking
• offloading
• handoff
• P2P communications
Data center networking
• Monitoring
• Re-routing
• TCP
TCP for Big Data
• “Understanding TCP Incast and Its Implications for Big Data Workloads”
• “Cascaded TCP: Big Throughput for Big Data Applications in Distributed HPC”
Oracle Mapping System
• Mobility
• Routing scalability
• Content delivery
• Certificate Verification