
Advanced Computer Networks (CS ZG525)


BITS Pilani
Pilani Campus

Virendra S Shekhawat
Department of Computer Science and Information Systems


First Semester 2015-2016


Lecture-11 [27th Sept 2015]

Agenda
Generalization of the Internet's Point-to-Point Communication (i.e. Unicast, Anycast and Multicast) using an Overlay Approach
[CH-19] & [CH-20]
Reading
Internet Indirection Infrastructure (i3) [Ion Stoica, 2002]
http://conferences.sigcomm.org/sigcomm/2002/papers/i3.pdf

First Sem 2015-16

Advanced Computer Networks CS G525

BITS Pilani, Pilani Campus

Motivations [1]
Today's Internet is built around a unicast point-to-point communication abstraction:
Send packet p from host A to host B

Point-to-point communication
Implicitly assumes there is one sender and one receiver, and that they are placed at fixed and well-known locations


Motivations [2]
This abstraction allows the Internet to be highly scalable and efficient, but it is not appropriate for applications that require other communication primitives:

Multicast
Anycast
Mobility

Key Observation: Virtually all these proposals use indirection
Physical indirection point: mobile IP
Logical indirection point: IP multicast

Solution

Use an overlay network to implement this layer
Incrementally deployable; don't need to change IP


Solution
An indirection layer based on an overlay network (decouples sending and receiving)

[Figure: Multicast, Anycast, Mobility and Service Composition applications sit on top of the indirection layer, which is built on a DHT over the IP layer]

Internet Indirection Infrastructure (i3)

Each packet is associated with an identifier id
To receive a packet with identifier id, receiver R inserts and maintains a trigger (id, R) in the overlay network

[Figure: the Sender sends (id, data) into the overlay; the trigger (id, R) stored there forwards the packet to Receiver R]

Service Model
API
sendPacket(p);
insertTrigger(t);
removeTrigger(t) // optional

Best-effort service model (like IP)
Triggers periodically refreshed by end-hosts
ID length: 256 bits

Mobility
Host just needs to update its trigger as it moves from one subnet to another

[Figure: the Sender keeps sending to id; the trigger (id, R1) is replaced by (id, R2) as the receiver moves from address R1 to address R2]

Multicast
Receivers insert triggers with the same identifier
Can dynamically switch between multicast and unicast

[Figure: the Sender sends (id, data); the two triggers (id, R1) and (id, R2) each deliver a copy, to Receiver R1 and Receiver R2]

Anycast
Use longest prefix matching instead of exact matching
Prefix p: anycast group identifier
Suffix s_i: encodes application semantics, e.g., location


Using i3
Service Composition
Sender initiated
Receiver initiated

Large Scale Multicast


Service Composition: Sender Initiated

Use a stack of IDs to encode the sequence of operations to be performed on the data path

[Figure: the Sender (MPEG) calls send((ID_MPEG/JPEG, ID), data). The trigger (ID_MPEG/JPEG, S_MPEG/JPEG) delivers the packet to the transcoder S_MPEG/JPEG, which calls send(ID, data); the trigger (ID, R) then delivers it to Receiver R (JPEG)]


Service Composition: Receiver Initiated

The receiver can also specify the operations to be performed on the data

[Figure: Receiver R (JPEG) inserts the trigger (ID, (ID_MPEG/JPEG, R)), whose target is itself a stack. The Sender (MPEG) calls send(ID, data); the trigger rewrites the stack to (ID_MPEG/JPEG, R), so the trigger (ID_MPEG/JPEG, S_MPEG/JPEG) delivers the packet to the transcoder, which calls send(R, data) to reach Receiver R]
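The API of the Service Model slide and the four uses of it on the Mobility, Multicast, Anycast and Service Composition slides, worked through as an added example (this is not code from the lecture or from the i3 project): a toy, in-memory i3 in Python. Identifiers are 8-bit integers instead of 256 bits, end-host addresses are plain strings, an anycast group is taken to be the top 4 bits of an identifier, and the transcoder S_MPEG/JPEG is modelled as a function that rewrites the payload. All of these, and the identifier values in demo(), are assumptions made for the example.

```python
from collections import defaultdict

ID_BITS = 8      # toy width; real i3 identifiers are 256 bits (assumption for readability)
GROUP_BITS = 4   # assumption: an anycast group identifier is the top 4 bits of an ID
MAX_HOPS = 16    # assumption: stops a mis-configured trigger loop from recursing forever


def common_prefix_len(a, b):
    """Number of leading bits shared by two ID_BITS-wide identifiers."""
    return ID_BITS - (a ^ b).bit_length()


class I3:
    """Trigger table plus forwarding. A packet carries a stack (tuple) whose
    elements are int identifiers or str end-host addresses."""

    def __init__(self):
        self.triggers = defaultdict(list)   # id -> [target, ...]; target is an address or a stack
        self.services = {}                  # address -> function that transforms the payload
        self.delivered = defaultdict(list)  # address -> [(remaining stack, data), ...]

    # insertTrigger / removeTrigger / sendPacket of the Service Model slide
    def insert_trigger(self, id_, target):
        if target not in self.triggers[id_]:
            self.triggers[id_].append(target)

    def remove_trigger(self, id_, target):
        self.triggers[id_].remove(target)     # needs the exact (id, target) pair
        if not self.triggers[id_]:
            del self.triggers[id_]

    def send_packet(self, stack, data, hops=0):
        if hops > MAX_HOPS:
            raise RuntimeError("trigger loop")
        head, rest = stack[0], tuple(stack[1:])
        if isinstance(head, str):                   # address on top: deliver to the host
            self.delivered[head].append((rest, data))
            if head in self.services and rest:      # a middlebox processes and re-sends the rest
                self.send_packet(rest, self.services[head](data), hops + 1)
            return
        for target in self._match(head):            # one copy per matching trigger
            tstack = target if isinstance(target, tuple) else (target,)
            self.send_packet(tstack + rest, data, hops + 1)

    def _match(self, id_):
        if id_ in self.triggers:                    # exact match: every trigger (multicast)
            return list(self.triggers[id_])
        shift = ID_BITS - GROUP_BITS                # anycast: same group prefix ...
        group = [t for t in self.triggers if t >> shift == id_ >> shift]
        if not group:
            return []                               # best effort: no trigger, packet is dropped
        best = max(group, key=lambda t: common_prefix_len(t, id_))
        return list(self.triggers[best])            # ... and the longest matching suffix wins


def demo():
    net = I3()
    # unicast, then mobility: the host re-inserts its trigger after changing subnet
    net.insert_trigger(37, "R@net1")
    net.send_packet((37,), "hello")
    net.remove_trigger(37, "R@net1")
    net.insert_trigger(37, "R@net2")
    net.send_packet((37,), "hello again")
    # multicast: two receivers insert triggers with the same identifier
    net.insert_trigger(50, "M1")
    net.insert_trigger(50, "M2")
    net.send_packet((50,), "to all")
    # anycast: group prefix 1010, suffix encodes location; longest prefix match wins
    net.insert_trigger(0b1010_0001, "EU")
    net.insert_trigger(0b1010_1000, "US")
    net.send_packet((0b1010_1001,), "nearest")
    # service composition: S_MPEG/JPEG transcodes, then forwards on the rest of the stack
    id_t, id_r = 5, 9
    net.services["S_MPEG/JPEG"] = lambda d: d.replace("mpeg", "jpeg")
    net.insert_trigger(id_t, "S_MPEG/JPEG")
    net.insert_trigger(id_r, "R_jpeg")
    net.send_packet((id_t, id_r), "mpeg:frame1")    # sender initiated: sender pushes id_t
    net.insert_trigger(11, (id_t, "R_jpeg"))        # receiver initiated: trigger target is a stack
    net.send_packet((11,), "mpeg:frame2")
    return dict(net.delivered)
```

demo() returns what each address received together with the stack that was left on the packet, so the two composition cases can be compared: in both, the transcoder sees the packet with exactly one element left (ID in the sender-initiated case, R in the receiver-initiated one) and the JPEG receiver sees an empty stack.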


Large Scale Multicast

Can create a multicast tree for scalability

[Figure: a packet (g, data) is sent to the group identifier g. Triggers on g deliver to receivers R1 and R2 directly and to a second identifier x; triggers on x in turn deliver to R3 and R4, forming a two-level tree]


Implementation Overview
ID space is partitioned across infrastructure nodes
Each node responsible for a region of ID space
Each trigger (id, R) is stored at the node responsible for id
Use Chord to route triggers and packets to nodes responsible for their IDs
O(log N) hops

Properties
Robustness, Efficiency, Scalability, Stability
Robustness: refresh triggers, trigger replication, back-up triggers
Efficiency: routing optimizations
Scalability: for n triggers and N servers, each server stores n/N triggers on average
Stability: the mapping between triggers and servers is relatively stable over time

Incremental deployment is possible
Legacy applications can be supported by a proxy which inserts triggers on behalf of the client
UDP-based applications can benefit without any modification

Example
ID space [0..63] partitioned across five i3 nodes
Each host knows one i3 node
R inserts trigger (37, R); S sends packet (37, data)
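The partition and lookup of the Implementation Overview slide, worked through with the numbers of this Example slide as an added Python example (not code from the lecture or the i3 project): a 6-bit ring [0..63] with five i3 nodes, Chord finger tables, and the routing of R's trigger insert and S's packet to the node responsible for identifier 37. The node positions 5, 18, 29, 42 and 57 are constructed for the example; the slide does not give them.

```python
ID_BITS = 6                          # ID space [0..63], as on the Example slide
M = 2 ** ID_BITS
NODES = sorted([5, 18, 29, 42, 57])  # constructed: ring positions of the five i3 nodes


def in_oc(x, a, b):
    """True if x lies in the ring interval (a, b]."""
    return 0 < (x - a) % M <= (b - a) % M


def in_oo(x, a, b):
    """True if x lies in the open ring interval (a, b)."""
    return 0 < (x - a) % M < (b - a) % M


def owner(x):
    """Node responsible for identifier x: the first node at or after x on the ring."""
    for n in NODES:
        if n >= x:
            return n
    return NODES[0]                   # wrap around past the last node


def successor(n):
    return owner((n + 1) % M)


def predecessor(n):
    return NODES[NODES.index(n) - 1]  # index -1 wraps to the last node


def fingers(n):
    """Chord finger table of node n: owner(n + 2^i) for i = 0 .. ID_BITS-1."""
    return [owner((n + 2 ** i) % M) for i in range(ID_BITS)]


def lookup(start, key):
    """Route from node `start` to the node responsible for `key` using only
    finger tables. Returns (responsible node, overlay hops taken)."""
    n, hops = start, 0
    while True:
        if in_oc(key, predecessor(n), n):      # n itself owns (predecessor, n]
            return n, hops
        if in_oc(key, n, successor(n)):        # the next node owns it
            return successor(n), hops
        # closest preceding finger: the farthest finger that is still before key;
        # successor(n) always qualifies here, so next() cannot run dry
        n = next(f for f in reversed(fingers(n)) if in_oo(f, n, key))
        hops += 1


def trigger_and_packet(node_of_r, node_of_s, id_, addr):
    """R inserts trigger (id_, addr) through the i3 node it knows; S sends a packet
    for id_ through its own node. Returns (node storing the trigger, hops for the
    insert, hops for the packet, addresses the packet is delivered to)."""
    store = {}                                     # node -> {id: [addr, ...]}
    node_r, hops_r = lookup(node_of_r, id_)
    store.setdefault(node_r, {}).setdefault(id_, []).append(addr)
    node_s, hops_s = lookup(node_of_s, id_)
    return node_r, hops_r, hops_s, store.get(node_s, {}).get(id_, [])
```

With these positions the trigger (37, R) lands on node 42 whichever node the hosts start from, and every lookup finishes in at most a few hops; with only five nodes that is well inside the O(log N) bound, and the point of the example is that R and S never need to agree on a node, only on the identifier.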


Optimization: Path Length

Sender/receiver caches the i3 node mapping a specific ID
Subsequent packets are sent via one i3 node


Public and Private Triggers

The identifier of a public trigger is known by all end hosts in the system
e.g. a Web server maintains a public trigger to allow any client to contact it

Public triggers are long lived, whereas private triggers exist only for the duration of the flow
Example:
Consider a web server B with public trigger (idpub, B)
Client A chooses a private trigger identifier ida, inserts the trigger (ida, A) into i3, and sends ida to B via B's public trigger
Similarly, server B inserts its own private trigger and sends its identifier to A via A's private trigger
Now both use private triggers to communicate.

Optimization: Location-aware Triggers

Well-known (public) trigger for initial rendezvous
Exchange a pair of well-located (private) triggers
Use private triggers to send data traffic

Private Triggers:
- S can insert a trigger [1,S] that is stored at server 3
- R can choose a trigger [30,R] that is stored at server 35

Security
i3 end-points also store routing information
New opportunities for malicious users

Goal: make i3 no worse than today's Internet


Some Attacks


Eavesdropping: Solutions
An attacker can divert traffic towards itself (multicast scenario) simply by inserting a trigger with the desired id and its own IP address
Solutions
Use private triggers, change them periodically, use multiple private triggers
End hosts can use public triggers to choose private triggers, which are then used for data transfer
A brute-force attack is difficult due to the length of the identifier used (i.e. 256 bits)

Trigger hijacking: Solution

Isolating a host by removing its public trigger
To remove a trigger, the attacker also requires the IP address of the host. Is that difficult to get?
Solution
Add another level of indirection
The server can insert two triggers (idp,x) and (x,S) in place of the one trigger (idp,S)
Here x is known to S only, and the attacker needs x to remove either of these triggers
Any performance impact?
Sol: the receiver can choose x such that both triggers are stored at the same server

DoS Attacks
Attack on end host:
A malicious user can insert a hierarchy of triggers in which all triggers on the last level point to the victim
A packet sent to the trigger at the root of the hierarchy will be replicated, and all replicas will be sent to the victim

Attack on the infrastructure
An attacker can create trigger loops by connecting the leaves of a trigger hierarchy to its root
In this case each packet sent to the root will be exponentially replicated!

DoS Attack: Solution

Assumption
In i3, a trigger that points to an end host R is inserted by the end host itself

Verifying this assumption stops attackers from using a hierarchy of triggers to mount a DoS attack
A nonce packet can be sent to the host to verify this; if the receiver fails to answer the nonce, verification fails
Leaf triggers are removed from the trigger hierarchy if verification fails

Resource Allocation based Solution

Each i3 server uses Fair Queuing to allocate resources amongst the triggers it stores
As soon as a trigger reaches its fair share, its excess packets are dropped
Hence the damage inflicted by an attacker is only proportional to the number of triggers it maintains
Does this technique solve the problem?
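The fair-share idea of this slide, as an added Python example that is not code from the lecture or from i3: a max-min fair (water-filling) allocation of a server's per-interval packet budget across the triggers it stores, and the drops that follow once a trigger exceeds its share. The capacity of 1000 packets per interval and the per-trigger demands are constructed numbers. The second scenario in demo() goes one step beyond the slide's sentence and shows the "proportional to the number of triggers" point directly: the same flood spread over three triggers is granted three shares and no more, and the well-behaved trigger still receives everything it asked for.

```python
def max_min_fair_share(demands, capacity):
    """Water-filling allocation of `capacity` packets per interval among triggers
    with the given offered load (packets per interval). Triggers that want less
    than the current equal share get all they ask for and their unused share is
    redistributed; the triggers still wanting more split what remains equally."""
    alloc, pending, remaining = {}, dict(demands), float(capacity)
    while pending:
        share = remaining / len(pending)
        satisfied = {t: d for t, d in pending.items() if d <= share}
        if not satisfied:                    # everyone left wants more than the share
            for t in pending:
                alloc[t] = share
            break
        for t, d in satisfied.items():
            alloc[t] = float(d)
            remaining -= d
            del pending[t]
    return alloc


def drops_per_trigger(demands, capacity):
    """Packets dropped per trigger once each trigger has reached its fair share."""
    alloc = max_min_fair_share(demands, capacity)
    return {t: demands[t] - alloc[t] for t in demands}


def demo():
    # constructed: a 1000 packets/interval budget, one flooding trigger, two normal ones
    single = drops_per_trigger({"A": 5000, "B": 100, "C": 200}, 1000)
    # the same flood spread over three triggers earns three shares, no more
    alloc3 = max_min_fair_share({"A1": 5000, "A2": 5000, "A3": 5000, "B": 100}, 1000)
    return single, alloc3
```

In the first scenario trigger A is cut to the 700 packets left after B and C are served in full, so 4300 of its packets are dropped while B and C lose nothing. This is the bound the slide states; it does not answer the slide's closing question, since an adversary who can insert many triggers still collects one share per trigger.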


Loop Detection
When a trigger that does not point to an IP address is inserted, the server must check for the possibility of a loop

How to detect a loop in i3?
Send a special packet with a random nonce. If the packet returns to the server, the trigger is removed
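The three server-side defences of the Trigger hijacking, DoS Attack: Solution and Loop Detection slides, as one added Python example (not code from the lecture or from the i3 project). The server, the challenge callback that stands in for sending a nonce packet to a host, and the identifier values in demo() are assumptions made for the example; the walk over the trigger graph in _closes_loop stands in for forwarding a nonce packet and watching whether it comes back to the server.

```python
import secrets


class I3Server:
    """Toy i3 server: triggers map id -> [target], where a target is an end-host
    address (str) or an identifier stack (tuple)."""

    def __init__(self, challenge):
        # challenge(addr, id_, nonce) models sending a nonce packet to addr and returns
        # the host's answer; assumption: a host echoes the nonce only for a trigger it
        # inserted itself, which is the slide's "trigger is inserted by the end host"
        self.triggers = {}
        self.challenge = challenge

    def insert_trigger(self, id_, target):
        if isinstance(target, str):
            # DoS defence: a trigger pointing at a host is kept only if that host confirms it
            nonce = secrets.token_bytes(16)
            if self.challenge(target, id_, nonce) != nonce:
                return False
        elif self._closes_loop(id_, target):
            # loop defence: a trigger into ID space must not lead back to its own id
            return False
        self.triggers.setdefault(id_, []).append(target)
        return True

    def remove_trigger(self, id_, target):
        """Removal requires the exact (id, target) pair that was inserted."""
        targets = self.triggers.get(id_, [])
        if target not in targets:
            return False
        targets.remove(target)
        return True

    def _closes_loop(self, new_id, new_target):
        """Follow the head of each trigger stack starting from new_target, the way a
        nonce packet would be forwarded; reaching new_id again means a loop."""
        frontier, seen = [new_target[0]], set()
        while frontier:
            cur = frontier.pop()
            if cur == new_id:
                return True
            if isinstance(cur, str) or cur in seen:
                continue                       # packet left i3, or id already explored
            seen.add(cur)
            for t in self.triggers.get(cur, []):
                frontier.append(t[0] if isinstance(t, tuple) else t)
        return False


def demo():
    idp, x = 100, 0x5A3C   # constructed: S's public id and the secret x only S knows
    # constructed hosts: the trigger identifiers each host actually asked for
    wanted = {"S": {x}, "R": {9}}

    def challenge(addr, id_, nonce):
        return nonce if id_ in wanted.get(addr, set()) else None

    srv = I3Server(challenge)
    # Trigger hijacking defence: (idp, x) and (x, S) instead of the single (idp, S)
    two_level = srv.insert_trigger(x, "S") and srv.insert_trigger(idp, (x,))
    # Knowing idp and S's address is not enough: (idp, "S") was never stored
    removed_without_x = srv.remove_trigger(idp, "S")
    # DoS defence: a trigger pointing at a host that never asked for it is refused
    unwanted_accepted = srv.insert_trigger(7, "H")   # constructed address of an uninvolved host
    # Loop defence: (x, (idp,)) would send every packet round idp -> x -> idp
    loop_accepted = srv.insert_trigger(x, (idp,))
    return {
        "two_level_installed": two_level,
        "removed_without_secret": removed_without_x,
        "unwanted_accepted": unwanted_accepted,
        "loop_accepted": loop_accepted,
        "triggers": srv.triggers,
    }
```

The nonce check is what makes the two-level trick and the loop walk meaningful: without it anyone could still plant (id, victim) triggers, and the loop walk only protects the infrastructure, not the end host. Both checks happen at insert time, so the per-packet forwarding path stays as cheap as on the Service Model slide.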

Conclusions
Indirection is a key technique to implement basic communication abstractions
Multicast, Anycast, Mobility, ...

This work
Advocates building an efficient indirection layer on top of IP
Explores the implications of changing the communication abstraction

For more details, visit
http://i3.cs.berkeley.edu/

Thank You !
