Towards a New Naming Architectures

1
Towards a New Naming Architectures
  • Ion Stoica, Scott Shenker, and many others

2
Goals
  • Support
  • Mobility: machine, data, session
  • Multi-homing, multiple-interfaces
  • Make middle-boxes part of architecture
  • Security
  • Better support against DDoS
  • Anonymity

3
Designs
  • Host Identity Protocol (HIP)
  • Internet Indirection Infrastructure (i3)
  • Semantic-Free Referencing (SFR)
  • Layered Naming Architecture (LNA)

4
Designs
  • Host Identity Protocol (HIP)
  • Internet Indirection Infrastructure (i3)
  • Semantic-Free Referencing (SFR)
  • Layered Naming Architecture (LNA)

5
Host Identity Protocol (HIP)
  • Provides
  • Fast mobility
  • Multi-homing
  • Support for different addressing schemes
  • Transparent IPv4 to IPv6 migration
  • Security
  • Anonymity
  • Secure and authenticate datagrams

6
HIP
  • A public key used to identify an end-host
  • A 128-bit host identity tag (HIT) used for system
    calls
  • HIT is a hash of the public key
  • Global scope
  • A 32-bit local scope identifier (LSI) for IPv4
    compatibility

HIT replaces IP address as a name of a system

7
Protocol Stack
[Figure: protocol stack. Labels: Process; Transport, with <HIT, port> and <IPaddr, port>; HIP Layer, with <HIT>; IP Layer, with <IPaddr>]
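
The name-to-locator split on slides 6 and 7, as an added example that is not part of the original presentation: a toy HIP layer in Python where transport state is keyed by <HIT, port> and only the HIT-to-IP map changes when a host moves. The truncated SHA-256 HIT derivation, the class and method names, and the sample keys and addresses are assumptions made for illustration.

```python
import hashlib
import hmac

def derive_hit(public_key: bytes) -> bytes:
    # Simplification: HIT = first 128 bits of SHA-256 over the key bytes.
    return hashlib.sha256(public_key).digest()[:16]

class HipLayer:
    """Toy HIP layer: transport binds to <HIT, port>, this layer maps HIT -> IP."""

    def __init__(self):
        self.locators = {}  # HIT -> current IP address (changes on mobility)
        self.sessions = {}  # (HIT, port) -> transport state (never sees the IP)

    def add_peer(self, claimed_hit: bytes, public_key: bytes, ip: str) -> bool:
        # Self-certifying check: the presented key must hash to the claimed HIT,
        # so a host cannot claim another host's HIT with its own key.
        if not hmac.compare_digest(derive_hit(public_key), claimed_hit):
            return False
        self.locators[claimed_hit] = ip
        return True

    def update_locator(self, hit: bytes, new_ip: str) -> None:
        # Assumption: called only after the peer has proven possession of the
        # private key (signature check not shown; needs a public-key library).
        if hit not in self.locators:
            raise KeyError("unknown HIT")
        self.locators[hit] = new_ip

    def send(self, hit: bytes, port: int, payload: bytes) -> str:
        state = self.sessions.setdefault((hit, port), {"bytes": 0})
        state["bytes"] += len(payload)
        return self.locators[hit]  # IP address the datagram is sent to

def demo():
    key_b = b"constructed-public-key-of-host-B"   # constructed sample key
    key_m = b"constructed-public-key-of-mallory"  # constructed sample key
    hit_b = derive_hit(key_b)
    hip = HipLayer()
    spoof_ok = hip.add_peer(hit_b, key_m, "203.0.113.66")  # wrong key for HIT
    peer_ok = hip.add_peer(hit_b, key_b, "192.0.2.10")
    first = hip.send(hit_b, 443, b"hello")
    hip.update_locator(hit_b, "198.51.100.7")              # host B moved
    second = hip.send(hit_b, 443, b"again")
    return spoof_ok, peer_ok, first, second, hip.sessions[(hit_b, 443)]["bytes"]

if __name__ == "__main__":
    print(demo())
```

The session counter keeps accumulating across the address change because nothing above the HIP layer is keyed by IP address.
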
8
How It Works?
[Figure: two hosts. Labels: Client app, DNS library, DNS, Transport, HIP daemon, HIP layer, IPsec]

9
Designs
  • Host Identity Protocol (HIP)
  • Internet Indirection Infrastructure (i3)
  • Semantic-Free Referencing (SFR)
  • Layered Naming Architecture (LNA)

10
Internet Indirection Infrastructure (i3)
  • Supports
  • Mobility
  • Multi-homing
  • Anycast
  • Multicast
  • Accommodate middle-boxes
  • Security
  • Anonymity
  • DoS

11
Internet Indirection Infrastructure (i3)
  • Each packet is associated with an identifier id
  • To receive a packet with identifier id, receiver
    R maintains a trigger (id, R) into the overlay
    network

[Figure: Sender and Receiver (R)]

12
Integrate Middle-Boxes
  • Use a stack of IDs to encode sequence of
    operations to be performed on data path

[Figure: Sender, Transcoder (T) and Receiver (R), with triggers (id, R) and (idT, T)]
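
Triggers and ID stacks from slides 11 and 12, as an added example that is not part of the original presentation: a toy in-memory overlay in Python that forwards on the head of the ID stack, so the sender names only IDs and never the receiver's address. Exact-match lookup, the class and function names, and the sample IDs and addresses are assumptions.

```python
import hashlib

def make_id(label: str) -> bytes:
    # Constructed 256-bit ID (SHA-256 of a label); applications pick their own.
    return hashlib.sha256(label.encode()).digest()

class I3Overlay:
    """Toy rendezvous point: holds triggers (id, addr) and forwards by ID."""

    def __init__(self):
        self.triggers = {}  # id -> "IPaddr:port" of whoever inserted the trigger
        self.hosts = {}     # "IPaddr:port" -> handler(remaining_ids, data)
        self.hops = []      # addresses packets were delivered to, in order

    def attach(self, addr, handler):
        self.hosts[addr] = handler

    def insert_trigger(self, ident, addr):
        self.triggers[ident] = addr

    def send(self, id_stack, data):
        # Forward on the head of the stack; the rest travels with the packet.
        if not id_stack:
            return None                 # nothing left to forward on
        head, rest = id_stack[0], id_stack[1:]
        addr = self.triggers.get(head)  # assumption: exact match on the ID
        if addr is None:
            return None                 # no trigger for this ID: packet dropped
        self.hops.append(addr)
        return self.hosts[addr](rest, data)

def demo():
    net = I3Overlay()
    r_addr, t_addr = "192.0.2.20:5000", "192.0.2.30:6000"  # constructed
    id_r, id_t = make_id("receiver R"), make_id("transcoder T")
    net.attach(r_addr, lambda rest, data: data)            # R consumes data
    # T transforms the payload, then re-sends it to the remaining IDs.
    net.attach(t_addr, lambda rest, data: net.send(rest, data.upper()))
    net.insert_trigger(id_r, r_addr)   # trigger (id, R)
    net.insert_trigger(id_t, t_addr)   # trigger (idT, T)
    direct = net.send([id_r], b"frame")
    via_t = net.send([id_t, id_r], b"frame")
    unknown = net.send([make_id("no such trigger")], b"frame")
    return direct, via_t, unknown, net.hops

if __name__ == "__main__":
    print(demo())
```
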
13
i3 Identifiers
  • 256-bit IDs
  • ID ultimately mapped to an (IPaddr:port)
  • Mapping under application control
  • ID can represent
  • A host, flow, service, etc

ID can identify any entity that can receive
packets

14
Protocol Stack
[Figure: protocol stack. Labels: Process (local scope); Transport, with ID/<IPlocal, port> and <IPaddr, port>; i3 layer (IPlocal->ID), with <ID>; IP Layer, with <IPaddr> and <IPi3>; Sender specific]

15
How It Works? (Native i3 Applications)
[Figure: two hosts and Receiver R. Labels: DNS, Client app, Transport, i3 daemon, i3 layer, IP; calls send(id) and send(IPi3); trigger (id, R); IPi3]

16
How It Works? (Legacy Applications)
[Figure: two hosts. Labels: IP address r, Client app, DNS library, DNS, IPlocal, id, Transport, i3 daemon, i3 layer, IP; calls send(IPlocal, port), send(r,p), send(id) and send(IPi3); mappings id,IPlocal and id, (r:p); IPi3]

17
Designs
  • Host Identity Protocol (HIP)
  • Internet Indirection Infrastructure (i3)
  • Semantic-Free Referencing (SFR)
  • Layered Naming Architecture (LNA)

18
Goal: Address DNS Limitations
  • DNS names identify machines and organizations not
    data
  • Data cannot be easily moved
  • Data cannot be easily replicated
  • DNS names are brand names
  • Political fighting

19
SFR Solution
  • Use IDs instead of DNS names
  • ID space is flat and IDs have no semantics
  • A generalization of DNS
  • Returns metadata instead of an IP address
  • How to implement it?
  • Use distributed hash-tables (DHTs)!

20
DHT Primer
  • Interface
      • put(id, data)
      • data get(id)
  • Highly scalable
      • O(log N) hops to execute an operation
  • Highly robust
      • Can tolerate 50% of nodes going down
  • Highly dynamic
      • Entries can be changed very fast

21
Designs
  • Host Identity Protocol (HIP)
  • Internet Indirection Infrastructure (i3)
  • Semantic-Free Referencing (SFR)
  • Layered Naming Architecture (LNA)

22
Layered Naming Architecture (LNA)
  • Supports
  • Mobility
  • Multi-homing
  • Integrate middle-boxes
  • Security (through middle-boxes)
  • Anonymity
  • DoS

23
An Old Naming Taxonomy
  • Four kinds of network entities (Saltzer)
  • Services (and data)
  • Hosts (endpoints)
  • Network attachment points
  • Paths
  • Should name each individually
  • Ignore paths (router involvement)
  • IP addresses name attachment points
  • Endpoint identifiers (EIDs) name hosts
  • Service identifiers (SIDs) name services/data

24
Protocol Stack
[Figure: protocol stack. Labels: Process; SID→EID, with <SID>; Transport, with <EID, port> and <IPaddr, port>; EID→IP, with <EID>; IP Layer, with <IPaddr>]

25
How It Works?
[Figure: two hosts and an intermediary. Labels: DNS, Client app, SID→EID, LNA daemon, DHT, Transport, send(eid), EID→IP, Intermediary (IPi), send(IPi), IP]

26
Principles
  • Don't bind to lower-level IDs prematurely
  • Host mobility and renumbering (HIP)
  • Service and data migration
  • Resolution of name need not point to object
    itself, but can point to its delegate
  • Resolution can point to intermediaries who
    process packets on behalf of the named target

27
Naming Architecture Requirements
  • There should be a layer in the protocol stack
    that uses IDs not IP addresses
  • Mobility, multi-homing, replications,
  • IDs should be able to name arbitrary objects
  • IDs should encode as little semantics as possible
  • End-points should be able to use indirection at
    the ID level
  • Integrate middle boxes

28
How Many ID Layers?
  • HIP: one layer; IDs identify machines
  • SFR: one layer; IDs identify data
  • i3: one layer; IDs identify arbitrary objects
  • LNA: two layers
      • EIDs identify machines
      • SIDs identify everything else

29
When is the Resolution ID→IP Done?
  • SFR: above transport
  • HIP: below transport, at HIP layer
  • i3: in the infrastructure
  • LNA: below transport
      • But IP address can be an intermediate point

30
Security Support?
  • HIP
      • Authentication, data integrity
      • Anonymity at transport layer
      • Transport layer resistance to DoS attacks
  • i3
      • Anonymity at IP layer
      • Some DoS defense at IP layer
      • Everything else can be done through middle-boxes
  • LNA
      • Everything can be done through middle-boxes

31
Resources
  • HIP: http://homebase.htt-consult.com/hip/
  • SFR: http://nms.lcs.mit.edu/projects/sfr/
  • i3: http://i3.cs.berkeley.edu