570 likes | 688 Vues
Virtual Internet Research at the Postel Center. Joe Touch Postel Center Computer Networks Division USC/ISI. Outline:. VIs: definition & architecture Using VIs : X-Bone – deploying VIs DynaBone – multilayer VIs for fault tolerance, security, and performance Supporting VIs :
E N D
Virtual Internet Research at the Postel Center Joe Touch Postel Center Computer Networks Division USC/ISI
Outline: • VIs: definition & architecture • Using VIs: • X-Bone – deploying VIs • DynaBone – multilayer VIs for fault tolerance, security, and performance • Supporting VIs: • NetFS – OS support for VIs • DataRouter – app.-directed net-layer forwarding
VI Definition • VI is a network composed of: • Virt. hosts, virt. routers, virt. links (tunnels) • Provides at least the same services as IA • In a virtual context • First-principles extension • More than a patch • More than interim
Motivation • Unified, consistent virtual architecture • VPNs, overlay nets, peer nets • Incremental deployment of new services • Ongoing experiments • Topology-based services • DHTs, geographic forwarding [GeoNet], string-rewriter forwarding [DataRouter] • Layer-based services • Contained dynamic routing, fault tolerance (FEC), security (traffic hiding), multi-algorithm [DynaBone], Plutarch’s subnet composition
Extra Constraints • Internet-like • Routing (link up) vs. provisioning (link add) • …one header to bind them all… (use IP, provide IP recursion) • Complete E2E system • All VNs are E2E • VN “Turing Test” • A net can’t tell it’s virtual • Use existing protocols, OSs, apps.
Principles • TENET 1. Internet-like • VIs = VRs + VHs + tunnels • Emulating the Internet • TENET 2. All-Virtual • Decoupled from their base network • TENET 3. Recursion-as-router • Some of VRs are VI networks
Recursion-as-Router • Hierarchy w/connected sub-overlays • Sub-overlays look like routers Primary overlay Sub-2 Sub-1 Base network
Corollaries • Behavior: • VH adds/deletes headers • VRs transit (constant # headers) • Structure: • VIs support concurrence • VIs support revisitation • Each VI has own names, addresses • Address indicates overlay context
Detailed Architecture • Components: • VH hidden router • VL 2 layers (strong link, weak net) • VR partitioned forwarding • Capabilities: • Revisitation multihoming • Recursion router as network, BARP RUNNING CODE (FreeBSD, Linux, Cisco)
Network Control / deployment Architecture Use:New Concepts • Recursion, revisitation • BARP • Service to deploy & manage VIs • Language for describing VIs
Primary overlay Outerlay Sub-2 Sub-1 Sub-1 Sub-2 Base network Sub-3 Base network More Concepts:Service composition • Compose: • X-Bone, DTN, Plutarch • Alternate: • DynaBone,Control Plane,FEC, Boosters
More Architecture Uses:Correct/explain anomalies • Multihoming • Phantom router in all hosts • Input context for forwarding/binding • Revisitation • Two-level tunnels • Input context sets • IPsec tunnel mode & dynamic routing
Typical Q’s • Why not VPNs/Peer, etc.? • Most net-level are incremental, partial, etc. • App. Level recapitulates network & won’t compose • Isn’t this more complex? • AS-like management encapsulation (multi-level) • Can make application view simpler (per-app. networks) • Isn’t this suboptimal/non-diverse? • So is VM; like VM, OOB info. & direct measurements can help • Layering implies increasing coarseness • Wasn’t this done in (X) before? • VIA is uniform, consistent, & implemented • What’s so hard? • See “uses” & “anomalies”
1/N performance Performance Impact
Prior & Related Work • Service/new protocols • Cronus, M/6/Q/A-Bone • Multi/other layer • Cronus, Supranet, MorphNet, VANs • Partial • VPN, VNS, RON, Detour, PPVPN, SOS • Virtualization, Revistation, Recursion • X-Bone, Spawning, DynaBone, NetFS, Netlab
VI analogy to VM • Protection • For concurrency, separation • Simpler configuration • Run over simpler topologies • Decouple from physical • Emulate larger/different nets • Automation • Generic, external mechanism
X X Y Y to Y to Y Strong Weak Why 2 layers? • Network • E2E IDs, routing • Link • ICMP, ARP, forwarding • Reasons: • Revisitation • Separate link-layer IPsec keys • Allows separate interfaces – thus dynamic routing • Issues • Overlap for efficiency • Strong vs. weak
Web GUI Multiple views IP Base Star Overlay B A D C ring-ovl star-ovl B B A A Ring Overlay D D C C xd GUI Resource Daemon Overlay Manager Resource Daemon Base IPv4 Network Resource Daemon Automated monitoring link host router X-Bone X-Bone system
The X-Bone is… • A system for automated overlay deployment • Among a closed set of trusted hosts and routers • Pprovide coordination, configuration, management • Many details are plug-replaceable • New tricks for overlays (use of overlays) • Overlays on overlays on overlays on … • Fault tolerance, service deployment • Member in multiple overlays, in single multiple times • New tricks for old dogs (extend net arch.) • Use existing stacks and applications
What We Don’t Do… • Optimize the overlay topology • We use a plug-in module (AI folk can provide) • It requires network status (emerging now) • Fault tolerance only via ground truth (admin. issue) • X-Bone is capability more than performance (now) • Non-IP overlays • IP is the interoperability layer • IP recurses / stacks nicely
Result sin eql cos div udel sec isipc2 bbn Creating a Ring Ovl. Request OM Ring Ovl. Internet
Potential Uses • Test new protocols • Test denial-of-service solutions • Deploy new services incrementally • Dynamic routing, proxylets, security • Increase lab & testbed utility • Overlapping nets, add delay & loss • Scale to 10,000 nodes • Simplify view of topology • Support fault tolerance • Added level of recovery
Features • Secure • X.509 certs, SSL control, ACLs • Resilient • Heartbeats with auto-dismantle • Crash recovery/restore • Detects/avoids replays; idempotent actions w/rollback • Overlay features • Dummynet, IPsec • Application deployment • ABone • Squid proxy system (U. Catalonia) • PlanetLab-like slice of vservers
Recent Additions • In 3.0 (1/2004): • IPv6 • Dynamic DNS/DNSsec • Cisco via buddy host • Zebra dynamic routing • User-specified topology • XML-based API • Coming soon • Revisitation (using network stacks) • Recursion
Architecture issues • Core (PP) VPNs need stub assistance • All transport is E2E • Inject routes via BGP/RIP or redirect default • Often assumes one VPN • Boundary control • Typical VPN • O(N) tunnels & routes / O(N) firewall rules • Separate routing and firewalls • O(1) routes / O(N) firewall rules • Firewall via groups • O(1) routes / O(1) firewall rules
Relation to: • NetLab (net EmuLab) • Focuses on L2-VPNs • Incorporating X-Bone concepts • Revisitation, IPsec tun over IPIP/GRE • PlanetLab • Focuses on OS • Primitive networking • Reinventing net. configuration mech.
Availability (and not)… • http://www.isi.edu/xbone • Platforms • FreeBSD 4.x/5.x (IPv4/6 IPsec) • Linux RedHat (IPv4/IPsec only) • Cisco via buddy host (IPv4 IPsec, IPv6) • Under development/test: • NetBSD (tested only) • MacOS X (prelim. testing) • Platforms not capable of VIs: • Windows 2K/XP • Linux FreeS/WAN • Vxworks, Janos • PlanetLab inside vserver
Innerlays Outerlay P R M P R M X MD5 auth / static DynaBone Spread-Spectrum Multilayer Internet Overlays 3DES encrypt / Linkstate RC5 encrypt / RIP MD5 auth / static Base network
Goals • Auto platform for spread-spectrum • Architecture in which to use … (see BASF) • Closed-group communication • E2E, E2(gateway), etc. • Enable multilayer defense (IP addr, SPI, decrypts) • Platform for muggles • Transparent to applications, protocols, OS’s • Auto-deploy
Sub-1 Sub-2 Sub-3 DynaBone via X-Bones • Parallel innerlays • Coordinate use via PRMs Outerlay Base network
Layered Overlays • Innerlays • A network you can gracefully disconnect • Attacker-like parallelsim as a defense • Outerlay • Hides the Innerlays from OS, applications • Allows transparent restoration • Automated deployment via X-Bone • User deployed, trans-AS, no new protocols • Integrates heterogeneous net-level security
DDOS Attack Detection Performance Metrics (pathchar) PRM Detail Mux per packet? per TCP? P R M Monitor inject measure M Demux reorder? drop dups?
NetGraph PRM Module /data [format] /policy(?value) /stop?innerlay /go?innerlay
255.255.0.0 255.0.0.0 10.3.0.0 NetFS File System /netfs iface route proto ipfw ipsec default 10.0.0.1 tcp udp lo fxp0 ether ip 0 1 25 26 addr mask default alias1 alias2 mask addr
Goals • Simple, standard interface • Across different OS’s • File system API and semantics • Fine-grained security • User, group, world, etc. • Per instance of each resource • Context-dependent views • Limits “ifconfig –a” response
NetFS File API Socket API sockopt ioctl sysctl In-band API Intertwined Vontrol interfaces routes communication channels
Process A Process B ~netfs ~netfs iface route iface route /netfs iface route X Y Z A B Per-process Context
Related Work • Linux’s /procfs • Processes • Jail(fbsd) & vserver(linux) • Limits root access to 1 IP addr per partition • Plan 9’s /net • Sockets • FreeBSD extensions (underway) • Add naming (kernel hack) to interfaces
s/(bird)(.*)(isi.edu)/(D2)($2)(usc.edu)/ D1 D2 DataRouter S D1 P #55fea3 isi.edu bird D1 S D2 P D1 #55fea3 usc.edu
Motivation • Application-level networks are ‘bad’ • Recapitulate the network layer • Require additional E2E transport protocols • Hard to compose • Network-level overlays not enough • Application-level info. is hidden • IP forwarding is not sufficient
Goal = peer/DHT support: • Useful: • Supports application-directed forwarding • Enables composition/integration of app. svcs. • Clean: • Avoids reinventing the network layer • Avoids reinventing the transport layer • Appropriate: • Forwards fast • Supports IPsec • Is somewhat safe
DataRouter IS: • Header = IP Loose Source Route • Network layer option • Works as an encapsulation header (ala IPsec) • Entry = string • Explicit application context • Forwarding via string rewriting • String (IP address, string’) pair
DataRouter ISN’T: • Routing protocol • IP doesn’t force OSPF, BGP, etc. • Overlay configuration • IP doesn’t force particular topology
Enabled Capabilities • App. forwarding via network svc. • Late-binding integration • One packet: TCP/SYN w/ Google as DR • Google DNS IP • Anycast services • First DR hop = anycast server • Further hops added by appending
Quick FAQ: • This is forwarding; who does routing? • Application that would have done forwarding (Chord, CAN, Napster, Google, DNS) • Can transport handle unbound dests? • Use HIP to decouple TCP/UDP from IP • What is the API? • DR strings via SOCKOPT • Forwarding entries via droute command • Why use REs? • Sufficient, efficient, complete • How does it avoid breaking E2E? • By allowing E2E TCP • Why use a LSR IP option? • Integrates w/existing ICMP, IPsec; allows ‘overlays’; transparent
Example Uses • All in a parsed string: • Class:string metric:string • Escape “:” • Select largest metric
Related Work • Application-directed forwarding • DHTs, web proxies… • Google, DNS • Alternate network forwarding • Dbase index [Carzaniga03] • Linda [Carriero86] • Data manipilation lang. [Chandranmenon95] • Catanet, TRIAD, I3, IPNL, Heaps, Net Ptrs… Electronic control