計(jì)算機(jī)網(wǎng)絡(luò)體系結(jié)構(gòu)新進(jìn)展

第一章

計(jì)算機(jī)網(wǎng)絡(luò)體系結(jié)構(gòu)與Internet（2）RethinkingtheInternetArchitecture徐明偉

OutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENI,FINDandFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)OutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENI,FINDandFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)Internetissuccessful,but…TheInternetdesignhasbeenverysuccessfulScaledintoahugeworldwideinfrastructureAdaptedtomanynewcommunicationtechnologiesFrameRelay,ATM,wireless,optical,...Easilyadaptedtounforeseenapplications--Web,P2PAdaptsoverahugedynamicrangeBUT...Seriousnewchallenges--newrequirementsandissuesLossoftechnicalcoherenceNewChallengestoArchitectureCommercialInternetBusinessmodels--ISPsneedtobeabletomakemoneyNeedtoharnesscompetitiontodriveinnovationLegal,political,andpublicpolicyissuesErosionoftrust(Lossofinnocence)Spam/viruses/worms/DDoSattacks/...NewtechnologiesandapplicationsOpticalnetwork,wirelessnetwork…Contentdistribution(IPTV,P2P)…NewChallengestoArchitecture(cont’d)LossofTechnicalCoherenceEquipmentvendorswanttosellboxesTheyarebusilydesigningpointsolutionstospecificproblems;ofteninconflict,lackingingenerality.Lookslikeadownwardspiralintotechnicalchaos.ErosionoftheEnd-to-EndPrincipleArgumentaboutLayeringPrincipleScalabilityErosionoftheEnd-to-EndPrincipleAcurrentarchitecturalbattleground…

“Middleboxes”processuserpacketsinsidethenetwork.E.g.,webcachesandproxies,application-levelfirewalls,NATboxes,performance-enhancingproxies,…TheyperformusefulfunctionsbutviolatetheE2EPrinciple.Thatismorethanreligion--theyreducerobustness,generality,extensibility,andsimplicity.

Linklayer

(subnet-specific)

InternetlayerIP

Transportlayer

TCP,UDP,SCTP...ApplicationlayerSMTP,HTTP,...ArgumentaboutLayeringPrincipleMarblingtheInternetLayerCakePhysicallayer532144.5TLS3.5IPsec2.5MPLSProtocolstackorprotocolheap?CrosslayerdesignScalabilitySincetheARPANETstarted,variousmeasuresofthesizeoftheInternethaveincreasedbyfactorsbetween1,000(backbonespeed)and1,000,000(numberofhosts)IPv4addressdepletionRoutingscalabilityInthisenvironment,somearchitecturalprinciplesinevitablychange.Principlesthatseemedinviolableafewyearsagoaredeprecatedtoday.Principlesthatseemsacredtodaywillbedeprecatedtomorrow.OnBeingtheRightSizePublishedin1928(longbeforecomputernetworkswereinvented)byJ.B.S.Haldane,Discussedsizeinthenatural(biological)worldandsystems.

“notonlytentimesashigh,buttentimesaswideandtentimesasthick,sothattheirtotalweightwasathousandtimeshis,…sothateverysquareinchofgiantbonehadtosupporttentimestheweight”Thisiswhygazelleswithlongandthinlegs,whilerhinoceroswithshortandthicklegs.Thinkaboutwhetherthereisa"rightsize"foranetwork,andwhataspectsofanetworkdeterminethe"rightsize“.OutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENI,FINDandFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)NewArch2000–2003,asmallDARPA-fundedprojectObjective:tofigureoutwhattheInternetarchitecturewouldhavebeenifwehadknownin1979whatweknowtoday.Cleanslatedesign:ignorecompatibility/transitionissuesNewArchPlayers:DaveClark(MIT),BobBraden(ISI),MarkHandley&ScottShenker(ICIR),etc.NewArch--theProcessRe-examinetherequirementsandassumptionsTrytounderstandimplicationsfortheInternetarchitectureofeconomic,political,andsocialforcesExamineasetofpropositionsoftheform:WhatifwerelaxedassumptionX?WhatifweaddedassumptionY?AndpursueafewofthepromisingXsandYsSampleofPropositionsConsideredRelaxedassumptionX:X=Allpackets(e.g.,nobitstreams)X=ProtocollayeringX=Networklocator==End-pointidentifierAddedassumptionY:Y=ProvideregionsoftrustY=SupportubiquitousmobilityY=CarrycongestionstateinpacketheadersY=EmpoweruserstochooseISPs(=>competition)Finaltechnicalreport:GENI:GlobalEnvironmentforNetworkInnovationsAprojectsponsoredbytheNationalScienceFoundationGENIisavirtuallaboratoryatthefrontiersofnetworkscienceandengineeringforexploringfutureinternetsatscale.Somehighlights,suchasOpenFlowMoUbetweenGENIandCERNET

FIND:FutureInternetDesignFINDisalong-terminitiativeoftheNSFNeTSresearchprogramFINDinvitestheresearchcommunitytoconsiderWhattherequirementsshouldbeforaglobalnetworkof15yearsfromnowHowwecouldbuildsuchanetworkifwearenotconstrainedbythecurrentInternet--ifwecoulddesignitfromscratch.

MotivationforFINDChallengescommunitytothinkaboutwhywebuiltwhatwebuiltAlotwegotright(perhapssurprising…)AlotisalmostanaccidentChallengesustoenvisionafutureNotjustimprovethepresentFreeourmindsfromtheconstraintsofwhatis,toimaginewhatwemightbeFIA:FutureInternetArchitecture2010.8.27,NSFannouncedawardsforfournewprojectsaspartoftheFIAprogramNamedDataNetworkingMovethecommunicationparadigmfromtoday'sfocuson"where“to"what“MobilityFirstUseDTNtoproviderobustnessandproposeanarchitecturecenteredonmobilityasthenormNEBULA(nebulaisLatinforcloud)eXpressiveInternetArchitectureAddressthegrowingdiversityofnetworkusemodelsFIRE:FutureInternetResearchandExperimentationFIREisaninitiativeundertheEUFP7TheinitiativehastworelateddimensionsBuildaEuropeanExperimentalFacilityforFutureInternetresearchSupportexperimentally-drivenadvancedresearch

973項(xiàng)目新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究互聯(lián)網(wǎng)面臨的重大理論挑戰(zhàn)超高速光傳輸?shù)目茖W(xué)進(jìn)步，使基于不可靠低速通信線路的分組交換理論及其互聯(lián)網(wǎng)體系結(jié)構(gòu)面臨重大挑戰(zhàn)互聯(lián)網(wǎng)“盡力而為、邊緣復(fù)雜、核心簡(jiǎn)單”的體系結(jié)構(gòu)如何滿足新一代互聯(lián)網(wǎng)多目標(biāo)服務(wù)質(zhì)量控制的需求計(jì)算機(jī)網(wǎng)絡(luò)、電信網(wǎng)、電視網(wǎng)的功能融合對(duì)互聯(lián)網(wǎng)體系結(jié)構(gòu)提出新的挑戰(zhàn)互聯(lián)網(wǎng)中大量通信協(xié)議軟件的開發(fā)對(duì)傳統(tǒng)軟件理論提出重大挑戰(zhàn)：形式化描述、驗(yàn)證、測(cè)試和可重用性傳統(tǒng)的基于泊松過程的馬爾可夫理論無法描述互聯(lián)網(wǎng)突發(fā)流量的自相似性和無連接特性人們對(duì)互聯(lián)網(wǎng)日益依賴與互聯(lián)網(wǎng)體系結(jié)構(gòu)脆弱和不可信的矛盾問題日益加據(jù)：?jiǎn)我恍詭砭薮蟀踩[患擬解決的關(guān)鍵科學(xué)問題互聯(lián)網(wǎng)體系結(jié)構(gòu)的多維可擴(kuò)展性研究解決現(xiàn)有網(wǎng)絡(luò)體系結(jié)構(gòu)的單一可擴(kuò)展性和網(wǎng)絡(luò)功能的復(fù)雜多樣性之間的矛盾。探索從單一的規(guī)模可擴(kuò)展，到功能可擴(kuò)展、性能可擴(kuò)展、安全可擴(kuò)展和服務(wù)可擴(kuò)展的多維可擴(kuò)展理論。網(wǎng)絡(luò)動(dòng)態(tài)行為及其可控性研究解決未知的網(wǎng)絡(luò)行為與確定的傳輸控制目標(biāo)之間的矛盾。探索互聯(lián)網(wǎng)動(dòng)態(tài)行為模型和基于該模型的自適應(yīng)控制方法。脆弱復(fù)雜巨系統(tǒng)的可信性研究解決網(wǎng)絡(luò)的脆弱性和安全可信需求之間的矛盾。研究脆弱復(fù)雜互聯(lián)網(wǎng)的安全可信模型和控制方法。穩(wěn)定網(wǎng)絡(luò)體系結(jié)構(gòu)的服務(wù)多樣性研究解決網(wǎng)絡(luò)體系結(jié)構(gòu)的相對(duì)穩(wěn)定性和網(wǎng)絡(luò)服務(wù)需求的復(fù)雜多變之間的矛盾。探索大規(guī)?；ヂ?lián)網(wǎng)服務(wù)理論，研究多樣性網(wǎng)絡(luò)服務(wù)模型和服務(wù)可管理性問題。其他網(wǎng)絡(luò)體系結(jié)構(gòu)相關(guān)的973項(xiàng)目一體化可信網(wǎng)絡(luò)與普適服務(wù)體系基礎(chǔ)研究面向服務(wù)的未來互聯(lián)網(wǎng)體系結(jié)構(gòu)可重構(gòu)信息通信基礎(chǔ)網(wǎng)絡(luò)體系研究OutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENI,FINDandFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)RBASupportedbyNewArchMotivationTheIETFhaseanarchitecturalpretzelfactory.LayerviolationsSub-layerproliferationE.g.,MPLSat2.5,IPsecat3.5ErosionofE2Emodel--middleboxesFirewalls,NATs,proxies,caches,...Canwesomehowreducethecomplexityandincreasethearchitecturalflexibility?SuggestionSuggestion1:Replacethetraditionalprotocollayeringparadigmwithamoregeneralmodel.Manyoftheseproblemsseemtoberelatedtotraditionallayering.Suggestion2:Provideaprotocolmechanismtoattachadditionalmetadatatodatapackets--“in-bandsignaling”--formiddleboxes.Attachcolor-coded“stickies”topacketsinthenetwork.ThesesuggestionsledtotheconceptsofRole-BasedArchitecture(RBA)Givinguplayeringhasprofoundconsequencesforhowwethinkaboutprotocols.WhatDoesNon-LayeredMean?TraditionallayeredarchitectureModularityFunctionalunitforeachprotocollayer.Packetheaderformat:Sub-headerforeachlayer,formingalogicalstack.Headerprocessingrules:Order:Headersprocessedinorderbylayer(LIFO)Access:Afunctionalmodulecanread/writeonlyitsownsub-headerWhatDoesNon-LayeredMean?(Cont’d)Non-LayeredarchitectureModularity:Role:Functionalspecofacommunicationbuildingblock.Packetheaderformat:Anarbitrarycollectionofsub-headers:“roledata”.TheseareRole-SpecificHeaders(RSHs).RSHsareaddressedtoroles.HeaderdatastructureisnowalogicalheapofRSHs.Processingrules:neednewrulesfororder,access.RSHProcessinginaNodeRoleARoleBRoleCNetworkNodePayloadRSH1RSH2RSH3HeapPacketWriteReadObjectivesofRBAClarity:Replace“l(fā)ayerviolations”witharchitectedroleinteractionsFlexibilityRoleshavemoreflexiblerelationshipsthanlayersExtensibilityRolesaremodularandhopefullyorthogonal.Nolayerrestrictions.InbandSignalingRSHscanactas“stickies”,e.g.,tocontrolmiddleboxes.AuditabilityCanleaveRSHsaftertheyhavebeen“consumed”,tosignaltodownstreamnodesthatafunctionhasbeenperformed.ObjectivesofRBA(Cont’d)PortabilityAllowrolestobesitedarbitrarilyonnodes.Forextracredit:mobilerolesthatmigrateamongnodesRe-ModularizationCurrentmonolithicprotocollayersarelargeandcomplex;

canre-modularizeintosmallerunits.ThisisnotanewideaItisunclearhowfaroneshouldgotowardsmicro-rolesButRBAgivesusfreedomofchoiceonfunctionalgranularitySecurityHideparticularroledata(Don’tmuckwithmymeta-data!)RSHmightbeunitforencryptionofroledataConclusionsAdvantagesofRBAModularizesfunctionalitybetterthanlayeringdoes.ProvidesanexplicitplaceformiddleboxmetadataShouldcreatefewerunexpectedfeatureinteractionsDisadvantagesofRBAReplacementofdeployedprotocolsLessefficient(headerspace,processing).GreaterflexibilitymayitselfincreasecomplexityandconfusionOutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENI,FINDandFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)TheHIPProtocolOverviewProtocolproposalcontains:Anewnamespace/newidentityAnauthenticationandkeyexchangeprotocolArchitecturalthoughtsHostIdentityUsinganIPaddresstoidentifyahostisnotthebestidea(seemulti-homedhosts,virtualinterfaces)AnewnamespacefortheInternetCryptograpicallybasedNon-spoofable‘Statistically’globalscopeUsedinsecurityassociationbindingsandpacketforwardingmechanismsSeparatesroutingfromendpointidentificationHostIdentity(cont’d)Newlyintroducedidentities:HostIdentity(=publickey)HostIdentityTag(=hashofthepublickey,128bit)LSI(32-bitLocalScopeIdentity)Higherlayersonlyseeidentities,notaddressesIPv6applicationsusethe128bitHITIPv4applicationsusethe32bitLSIHostIdentitiescanbewell-knownoranonymousEachhosthasatleastoneidentityTheProtocolStackApplication-specificidentifiersDataLinkLayer

NetworkLayer

TransportLayer

ApplicationLayerPairs<IPaddress,Port#>+TransportProtocolID

HostIdentityHostIdentity(HI)IPaddressesLinklayeraddressesTheHIPProtocol

AnauthenticationandkeyexchangeprotocolTheHIPprotocolisusedtoverifytheHostIdentityandtocreateanIPsecESPsecurityassociationHIPisalwayscombinedwithIPsecESPwheretheHIPIdentityis“compressed”intoIPsecESPSPITheprotocolhasthefollowingproperties:Denial-of-Serviceprotectionwiththeclient-puzzlemechanismDigitalsignatures,identitiesandcertificatesareexchangedSummaryHIPintroducesnewandinterestingconcepts.Theintroductionofanewaddressspacebasedonacryptographicidentitymakesalotofthingseasier:MobilityMulti-HomingSolutionsarealreadytherefortheseproblems;

HIPsolvestheproblemsinadifferentway.AdditionallyHIPhassecurityintegratedintotheprotocolWorkinIETFandIRTFOutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENIandFINDFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)InternetIndirectionInfrastructure(I3)

MotivationsToday’sInternetisbuiltaroundaunicastpoint-to-pointcommunicationabstraction:Sendpacket“p”fromhost“A”tohost“B”ThisabstractionallowsInternettobehighlyscalableandefficient,but……notappropriateforapplicationsthatrequiremoregeneralcommunicationabstractions:MulticastAnycastMobility…

Why?Point-to-pointcommunication

implicitlyassumesthereisonesenderandonereceiver,andthattheyaremostlyplacedatfixedandwell-knownlocationsE.g.,ahostidentifiedbytheIPaddress166.111.xxx.xxxislocatedinTsinghuaE.g.,anapplicationincommunicationisusuallyidentifiedbyher/hisIPaddress+portnumberWeWantMoreGeneralCommunicationTheidentitiesofthereceivinghostsareunknown:multicastandanycast.Thereceivinglocationnofixed:mobility.Strictbindingofsendingandreceiving(asitistoday)causesthestatedproblemsKeyObservationVirtuallyallpreviousproposalsuseindirection,e.g.,PhysicalindirectionpointmobileIPLogicalindirectionpointIPmulticast“Anyproblemincomputersciencecanbesolvedbyaddingalayerofindirection”I3SolutionUseanoverlaynetworktoimplementindirectionIncrementallydeployable;don’tneedtochangeIPBuildanefficientindirectionlayerontopofIPIPTCP/UDPApplicationIndir.layerServiceModelLogicalidentifier(Rendezvous-Based)“glue”ofsendingandreceivingAsourcesendspacketsassociatedtoalogicalidentifier

id

intotheoverlaynetworkAreceiverexpressesinterestinreceivingapacketwithidentifieridbyinsertingatrigger

(id,R)intotheoverlaynetworkServiceModel(cont’d)Rendezvous/i3ServerMaintaintriggersReceiveandforwardpacketsOthermodificationsAPIsendPacket(p);insertTrigger(t);removeTrigger(t)//optionalBest-effortservicemodel(likeIP)Controlatend-hostsAnExampleTrigger(id,R)

Sender(id,data)

Receiver(R,data)IPinformationhiddenfromendusersSendingonlywhenallowedSenderidRtriggeriddataReceiver(R)iddataRdataPacket/TriggerLogicSimplestform:CompletematchPacket(id,

data)

Trigger(id,

addr)addr:(IP,

port),towherethedataisforwardedonIPlayerGeneralization:Inexactmatchofididt

in

(id,data)isalongestprefixmatchofidAtleastkbitsmatch(exactmatchthreshold)Challenge:efficientlymatchpacketsandtriggersMobilityHostjustneedstoupdateitstriggerasitmovesfromonesubnettoanotherSenderReceiver(R1)Receiver(R2)idR1idR2MulticastiddataReceiversinserttriggerswithsameidentifierCandynamicallyswitchbetweenmulticastandunicastReceiver(R1)idR1Receiver(R2)idR2SenderR1dataR2dataiddataAnycastUselongestprefixmatchinginsteadofexactmatchingPrefixp:anycastgroupidentifierSuffixsi:encodeapplicationsemantics,e.g.,location SenderReceiver(R1)p|s1R1Receiver(R2)p|s2R2p|s3R3Receiver(R3)R1datap|adatap|adataPerformanceIssuesRobustnessRouting:LargelydependsonDHTManagement:SoftstateTriggerloss:reinsert,backupid,successorreplicaProblem:alltriggerswiththesameprefixshouldbecachedtogetherEfficiencyandloadbalancingCachingservers’IPaddressesofrecentidsSamplingmorei3servers/rendezvouspointsScalabilityConflictwithefficiency?HierarchyAnindirectionlayerbasedonoverlaynetworkdecouplingsendingandreceivingMulticastAnycastMobilityServiceCompositionIPLayerDHTDesignPrinciplesHostInfrastructureInternet&InfrastructureoverlaysDataplaneControlplanep2p&End-hostoverlaysDataplaneControlplanei3DataplaneControlplaneOutlineChallengestonetworkarchitectureNewNetworkArchitectureResearchNewArch,GENI,FINDandFIRE973項(xiàng)目“新一代互聯(lián)網(wǎng)體系結(jié)構(gòu)理論研究”Role-BasedArchitecture(RBA)HostIdentityProtocol(HIP)InternetIndirectionInfrastructure(I3)Information-CentricNetworking(ICN)PopularConception:

ContentDistributionOvertheInternetDoesNotScaleAttemptstoMitigateP2PEnhancingscalabilitybydistributingservingloadBut:trafficmanagementandpeerselectioncontroldeemednecessaryAlso:combiningP2Pwithdedicatedin-networkstorage(DECADE)CDNEnhancingscalabilityandperformancebyoperatingdedicatedcachesclosetoaccessnetworksBut:proprietary,standalonenetworks–increasingdemandforinterconnect:CDNIRequirementRepresentsaneedfor

Accessingnamedresources,nothostsScalabledistributionthroughreplicationandcachi