Explore the advantages of tunneling in networking, including security through VPNs, flexibility in topology and protocol, and bypassing censorship. Discover how MPLS virtual circuits and VPNs improve network stability and performance. Understand the End-to-End Principle for optimal system design, emphasizing placing functions at endpoints for efficient data transfer and robustness against errors. Learn about ensuring data integrity, delivery guarantees, and message authenticity while following the E2E argument.
Tunneling Continued / End-to-End Principle
CS 4251: Computer Networking II, Nick Feamster, Spring 2008
Why Tunnel?
• Security
  • E.g., VPNs
• Flexibility
  • Topology
  • Protocol
• Bypassing local network engineers
  • Oppressive regimes: China, Pakistan, TS…
• Compatibility/Interoperability
• Dispersion/Logical grouping/Organization
• Reliability
  • Fast Reroute, Resilient Overlay Networks (Akamai SureRoute)
• Stability (“path pinning”)
  • E.g., for performance guarantees
MPLS Overview
• Main idea: virtual circuit
• Packets are forwarded based only on the circuit identifier (the label), not on the destination address
(Figure: Source 1 and Source 2 send to the same Destination; a router can forward traffic to the same destination on different interfaces/paths.)
Circuit Abstraction: Label Swapping
• Label-switched paths (LSPs): paths are “named” by the label at the path’s entry point; the ingress router chooses that label from the packet’s forwarding equivalence class (FEC)
• At each hop, the incoming label determines:
  • Outgoing interface
  • New label to attach
  • Labels are only locally significant, so the lookup is on the pair (incoming interface, label); the same label value can name different LSPs on different links
• Label distribution protocol (e.g., LDP or RSVP-TE): responsible for disseminating the signalling information that binds labels along the path
(Figure: an LSP through router A to destination D, with a per-hop table whose columns are Tag, Out, New.)
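The forwarding behaviour of the two slides above (virtual-circuit forwarding on the label alone, per-hop swap, local label significance, and two sources pinned to different paths toward one destination) as a runnable simulation. This is an added example, not code from the lecture; router names, interface names and label values are made up, and FECs are matched on an exact prefix string rather than by longest-prefix match to keep the forwarding step short.

```python
"""Label switching on a toy MPLS network.

Added example, not code from the lecture. Router names, interface names and
label values are made up. FECs are matched on the exact prefix string rather
than by longest-prefix match, to keep the forwarding step short.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

POP = None  # as a "new label": strip the label and hand the IP packet onward


@dataclass
class Packet:
    dst: str                      # destination prefix the packet falls into
    label: Optional[int] = None   # None: plain IP packet, no label attached


@dataclass
class LSR:
    """A label-switching router with the three tables this example needs."""
    name: str
    # ingress only: (arrival interface, destination prefix) -> (out interface, label to push)
    fec_table: Dict[Tuple[str, str], Tuple[str, int]] = field(default_factory=dict)
    # (arrival interface, incoming label) -> (out interface, new label or POP)
    lfib: Dict[Tuple[str, int], Tuple[str, Optional[int]]] = field(default_factory=dict)
    # out interface -> (neighbour name, neighbour's arrival interface)
    links: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def forward(self, in_iface: str, pkt: Packet) -> Optional[str]:
        """Return the outgoing interface for pkt, or None to drop it.

        Labelled packets are switched purely on (arrival interface, label);
        the destination address is never looked at. A labelled packet that
        arrives where no LFIB entry exists (e.g. on a customer-facing
        interface) is dropped rather than guessed at.
        """
        if pkt.label is None:
            entry = self.fec_table.get((in_iface, pkt.dst))
        else:
            entry = self.lfib.get((in_iface, pkt.label))
        if entry is None:
            return None
        out_iface, pkt.label = entry      # push, swap or pop the label
        return out_iface


def build_network() -> Dict[str, LSR]:
    """Two sources enter at R1 and reach the same destination over different LSPs."""
    r1 = LSR("R1",
             fec_table={("src1", "10.0.0.0/8"): ("to_R2", 17),   # pinned via R2
                        ("src2", "10.0.0.0/8"): ("to_R3", 17)},  # pinned via R3
             links={"to_R2": ("R2", "from_R1"), "to_R3": ("R3", "from_R1")})
    r2 = LSR("R2", lfib={("from_R1", 17): ("to_R4", 42)},
             links={"to_R4": ("R4", "from_R2")})
    r3 = LSR("R3", lfib={("from_R1", 17): ("to_R4", 42)},
             links={"to_R4": ("R4", "from_R3")})
    # Label 42 arrives at R4 on two interfaces and names two different LSPs:
    # labels are only locally significant, so the LFIB is keyed by interface too.
    r4 = LSR("R4", lfib={("from_R2", 42): ("to_dst", POP),
                         ("from_R3", 42): ("to_dst", POP)},
             links={"to_dst": ("Destination", "eth0")})
    return {r.name: r for r in (r1, r2, r3, r4)}


Hop = Tuple[str, str, Optional[int]]   # (router, out interface or "DROP", label on exit)


def trace(net: Dict[str, LSR], first: str, in_iface: str, pkt: Packet) -> List[Hop]:
    """Follow a packet hop by hop until it leaves the MPLS domain or is dropped."""
    hops: List[Hop] = []
    name, iface = first, in_iface
    while name in net:
        out_iface = net[name].forward(iface, pkt)
        if out_iface is None:
            hops.append((name, "DROP", pkt.label))
            break
        hops.append((name, out_iface, pkt.label))
        name, iface = net[name].links[out_iface]
    return hops


def routers(hops: List[Hop]) -> List[str]:
    return [h[0] for h in hops]


if __name__ == "__main__":
    net = build_network()
    for src in ("src1", "src2"):
        print(src, trace(net, "R1", src, Packet("10.0.0.0/8")))
    # A labelled packet injected on a customer interface is dropped at R1.
    print("spoofed", trace(net, "R1", "src1", Packet("10.0.0.0/8", label=17)))
```

The third trace is the check a practitioner cares about: because forwarding never consults the destination address once a label is present, a router that accepted labelled packets on a customer-facing interface would let that customer steer traffic into any LSP whose label it could guess. The LFIB here has no entries for the `src1`/`src2` interfaces, so such a packet is dropped at the edge.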
Layer 3 Virtual Private Networks
• Private communications over a public network
• A set of sites that are allowed to communicate with each other
• Defined by a set of administrative policies
  • determine both connectivity and QoS among sites
  • established by VPN customers
• One way to implement: BGP/MPLS VPN mechanisms (RFC 2547, since replaced by RFC 4364)
• Caveat: these VPNs separate customers by labels and per-VPN routing tables, not by encryption; confidentiality against the provider, or against anyone who can observe the core, requires encryption at the endpoints, which is an end-to-end function
Placement of Function
• “End-to-End Arguments in System Design” (Saltzer, Reed, Clark)
• One typically draws a box around the communication subsystem and defines an interface between it and the rest of the system
• Once this boundary is defined, the question of where function should be placed is at the forefront
• The “End-to-End Argument”
  • A function can be completely and correctly implemented only with the knowledge and help of the application at the endpoints, so providing it inside the communication subsystem cannot replace an endpoint implementation; at best it is a performance enhancement
  • Dumb network, smart endpoints
Example: File Transfer
• Data could be corrupted or lost
  • In transit
  • At the receiver when read
  • In memory
• Where should the checks for correct transmission be performed?
• The E2E argument says that the application should perform these checks (e.g., an end-to-end checksum at the application layer), because link-level checks cannot cover corruption that happens between links, such as in a router’s memory or on the receiving host’s disk
Examples of Applying E2E
• Delivery guarantees
  • The application may need to know not only that a message was received, but also that the receiver acted on it; only the receiving application can say so
• Secure transmission of data
  • If the network did the encryption, the network elements would have to be trusted to manage keys securely, and data would travel in the clear between the host and the network
  • The authenticity of the message must still be checked by the application, so the endpoints have to do the cryptography anyway
• Upshot: the communication subsystem does not need to provide these functions for all traffic
More Examples
• Duplicate message suppression
  • Where should duplicates be suppressed? The network can only remove duplicates it created itself; a retry by the sending application (e.g., after a timeout) looks like a new message to the network, so the receiving application must recognise and discard duplicates
• In-order message delivery
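The file-transfer example and the three slides of applications above (integrity, authenticity, duplicate suppression, in-order delivery) share one demonstration, so one added example covers them all. This is not code from the lecture: the shared key and the sample file are constructed, and the "hostile path" stands in for everything between the two endpoints. Every hop verifies and rebuilds a link-level CRC32 and every CRC passes, yet the receiver is handed a chunk corrupted in a router's memory, a duplicate from a spurious retransmission, reordered chunks, and a chunk forged by an on-path party without the key. Only the endpoint checks produce a correct file.

```python
"""End-to-end checks done by the application, not the network.

Added example, not code from the lecture. The shared key and the sample file
are constructed; the "hostile path" stands in for everything between the two
endpoints. Every hop checks and rebuilds a link-level CRC32, and every CRC
passes, yet the receiver sees a chunk that was corrupted in a router's memory,
a duplicate from a spurious retransmission, reordering, and a chunk forged
by an on-path party that does not hold the key. Only the endpoint checks
(HMAC, sequence numbers, whole-file hash, and retransmission of what is
missing) produce a correct file.
"""
import hashlib
import hmac
import zlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

KEY = b"constructed-shared-key"   # assumption: agreed between the endpoints out of band
CHUNK = 8                         # bytes of file per chunk, small so the demo stays visible


@dataclass
class Chunk:
    seq: int
    data: bytes
    tag: bytes                    # HMAC-SHA256 over seq || data, computed by the sender


def _mac(seq: int, data: bytes) -> bytes:
    return hmac.new(KEY, seq.to_bytes(4, "big") + data, hashlib.sha256).digest()


def make_chunks(blob: bytes) -> List[Chunk]:
    return [Chunk(i, blob[off:off + CHUNK], _mac(i, blob[off:off + CHUNK]))
            for i, off in enumerate(range(0, len(blob), CHUNK))]


# --- link layer: seq(4) || tag(32) || data || crc32(4); each hop verifies and rebuilds it ---
def frame(c: Chunk) -> bytes:
    body = c.seq.to_bytes(4, "big") + c.tag + c.data
    return body + zlib.crc32(body).to_bytes(4, "big")


def unframe(f: bytes) -> Chunk:
    body, crc = f[:-4], int.from_bytes(f[-4:], "big")
    if zlib.crc32(body) != crc:
        raise ValueError("link CRC mismatch")      # the hop-by-hop check
    return Chunk(int.from_bytes(body[:4], "big"), body[36:], body[4:36])


def hostile_path(frames: List[bytes]) -> List[bytes]:
    """One router hop plus an on-path attacker; every frame it emits has a valid CRC."""
    out: List[bytes] = []
    for f in frames:
        c = unframe(f)                                  # link check passes here ...
        if c.seq == 1:                                  # ... then a bit flips in router memory
            c = Chunk(c.seq, bytes([c.data[0] ^ 0x01]) + c.data[1:], c.tag)
        out.append(frame(c))                            # fresh CRC hides the damage from the next hop
        if c.seq == 2:
            out.append(frame(c))                        # spurious retransmission: a duplicate
    forged = Chunk(len(frames), b"INJECTED", b"\x00" * 32)   # attacker does not hold KEY
    out.append(frame(forged))
    out.reverse()                                       # arrival order is not sending order
    return out


class Receiver:
    """The endpoint: authenticate, de-duplicate, reorder, verify the whole file."""

    def __init__(self) -> None:
        self.buf: Dict[int, bytes] = {}
        self.rejected = 0

    def accept(self, frames: List[bytes]) -> None:
        for f in frames:
            c = unframe(f)                               # CRC still passes for all of them
            if not hmac.compare_digest(c.tag, _mac(c.seq, c.data)):
                self.rejected += 1                       # corrupted or forged: drop it
                continue
            self.buf.setdefault(c.seq, c.data)           # duplicate suppression by seq

    def missing(self, total: int) -> List[int]:
        return [i for i in range(total) if i not in self.buf]

    def assemble(self, total: int, expected_sha256: bytes) -> Optional[bytes]:
        if self.missing(total):
            return None
        blob = b"".join(self.buf[i] for i in range(total))   # in-order delivery at the end
        return blob if hashlib.sha256(blob).digest() == expected_sha256 else None


def transfer(blob: bytes) -> Tuple[Optional[bytes], List[int], int, Optional[bytes]]:
    """Returns (file after first pass, seqs requested again, rejected chunks, final file)."""
    chunks = make_chunks(blob)
    digest = hashlib.sha256(blob).digest()               # sent alongside, checked at the very end
    rx = Receiver()
    rx.accept(hostile_path([frame(c) for c in chunks]))
    first = rx.assemble(len(chunks), digest)             # None: chunk 1 failed its HMAC
    missing = rx.missing(len(chunks))
    rx.accept([frame(chunks[i]) for i in missing])       # end-to-end retransmit of the gap
    return first, missing, rx.rejected, rx.assemble(len(chunks), digest)


if __name__ == "__main__":
    print(transfer(b"The quick brown fox jumps over the lazy dog"))
```

The point of `hostile_path` is that `unframe` never raises: each hop recomputes the CRC over whatever it holds, so a link-level check is only evidence about the previous link. The HMAC is keyed, so it both detects the in-memory corruption and rejects the forged chunk; the sequence number lets the receiver drop the duplicate and reassemble in order; and the whole-file hash plus a retransmission request close the loop. Had the network offered all of this, the receiver would still need the same checks, which is the upshot the slides draw.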