I-Path : Network Transparency Project Shigeki Goto* Akihiro Shimoda*, Ichiro Murase* Dai...


i-Path: Network Transparency Project

Shigeki Goto*

Akihiro Shimoda*, Ichiro Murase*

Dai Mochinaga**, and Katsushi Kobayashi***


* Waseda University

** Mitsubishi Research Institute Inc., *** National Institute of Advanced Science and Technology (AIST)

14th JSPS/NRF Core University Program Seminar on Next Generation Internet

Agenda

1. Introduction
   – Background and Motivation
   – Applications

2. Overview of i-Path
   – Data Collection
   – New Software

3. More Applications

4. Conclusion

Acknowledgement

The Goal of i-Path project

• Accessible information between the hosts
• Observing the information disclosure policy of all stakeholders along the path

Background

• Because of …
  – Observe the information disclosure policy
  – Status of network depends on a variety of factors

• Growing demand for backbone bandwidth

• Routers keep rich information
  – Routing table, link utilization
  – Temperature, location, contact point, supply voltage, etc.

• Network performance fluctuation (e.g. throughput)

• Not easy to collect the right information and to utilize information along the path

Introduction

• Providing transparency of underlying networks

• End-to-End visibility provides benefit to end hosts and network operators

• Disclosing information leads to improved End-to-End visibility

Motivation

– Monitoring network status
– Reporting events and troubleshooting
– Reduction in operational cost

Introduction

Applications

• Enhanced congestion control
• Best peer selection in P2P communication applications
• Dynamic network configuration (e.g. according to time zones)
• Adjust optimal bit rate in VoD
• Selection of the appropriate path (e.g. not violating policies related to content management)

Introduction

Data Collection

• Explicit Network Information Collection Along a Path
• SIRENS* (Simple Internet Resource Notification Scheme)
  – Based on the cross-layer approach
    · Bottleneck bandwidth
    · Interface queue capacity
    · Corruption losses, etc.
  – Scalable network information measurement

* K. Nakauchi and K. Kobayashi. An explicit router feedback framework for high bandwidth-delay product networks. Computer Networks, 51(7):1833–1846, 2007.

Overview

Structure of shim-header

Inserted between the network and transport headers

Overview

Information Disclosure

• Access to some information on routers is prohibited
• Unwillingness to disclose internal network status
  – Security
  – Cost
• Each ISP has a disclosure policy
• End hosts have their disclosure policy

Negotiation: requests and responses

OK to Disclose?

Overview

Observing Information Disclosure Policies

Policy: Alice & Bob allow disclosure beyond the 3rd hop router.

Implementation:

• Alice does not send requests for her neighbor & the next neighbor routers, i.e., the 1st & 2nd hops.
• Bob does not send back responses, in the same way as Alice, i.e., for the 6th & 7th hops.

Results:

• Alice obtains 3-5 hops data.
• Bob obtains 3-7 hops data.

Selective requests and responses
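
The Alice and Bob policy above can be modelled as two filters, one applied on the request leg and one on the response leg. The sketch below is an added example, not i-Path or SIRENS code: the seven-router path is inferred from the hop numbers on the slide, and the Router class, its discloses flag (standing in for each ISP's own policy) and the link_mbps values are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Router:
    hop: int                # hop number counted from the sender (Alice)
    discloses: bool = True  # hypothetical per-router (ISP) policy flag
    link_mbps: int = 1000   # constructed sample value a router would report


def collect(path, sender_skips, receiver_withholds):
    """Simulate one request/response round; return (receiver_view, sender_view)."""
    # Request leg: the sender asks only for hops outside the set it protects,
    # and each router answers only if its own policy allows it.
    requested = {r.hop for r in path} - set(sender_skips)
    receiver_view = {
        r.hop: r.link_mbps for r in path if r.hop in requested and r.discloses
    }
    # Response leg: the receiver returns what was collected, minus the hops
    # next to itself that it does not want the sender to learn about.
    sender_view = {
        hop: value
        for hop, value in receiver_view.items()
        if hop not in receiver_withholds
    }
    return receiver_view, sender_view


def slide_example(opaque_hops=()):
    """Seven-router path from the slide; opaque_hops adds non-disclosing routers."""
    path = [Router(h, discloses=h not in opaque_hops, link_mbps=100 * h)
            for h in range(1, 8)]
    return collect(path, sender_skips={1, 2}, receiver_withholds={6, 7})


if __name__ == "__main__":
    bob, alice = slide_example()
    print("Bob sees hops:  ", sorted(bob))
    print("Alice sees hops:", sorted(alice))
    bob, alice = slide_example(opaque_hops={4})
    print("With hop 4 opaque:", sorted(bob), sorted(alice))
```

Neither end host learns about the other's two nearest routers, and a router whose operator declines disclosure simply drops out of both views.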


New Software Tools

(a) Send a SIRENS request packet
(b) Receive the request packet and reply
(c) Receive the reply packet and make xml files

[Figure labels: Sender, Receiver, i-Path Router, TCP Data, Developed software, xml]

Snapshot of the Visualization Tool

• Dark colored (Blue) routers
  – Data Collection: Enabled

• Gray colored routers
  – Data Collection: Not enabled or Not Exist

Network Threat Detection

[Figure labels]

• Attackers
• TARGET: IP address X.X.X.X
• DDoS packets: destination: TARGET; source IP address: spoofed IP address
• Backscatter packets: destination: spoofed IP address; source: TARGET
• Internet
• Extraneous hosts/servers

More applications

S. Nogami, A. Shimoda and S. Goto, Detection of DDoS attacks by i-Path flow analysis (in Japanese, to appear), 72nd National Convention of IPSJ, Mar. 2010.

NAT traversal


More applications

Different kinds of NATs: full cone, restricted cone, port restricted cone, symmetric

[Figure label: symmetric NAT]

K. Tobe, A. Shimoda and S. Goto, NAT traversal with transparent routers (in Japanese, to appear), 72nd National Convention of IPSJ, Mar. 2010.

Current Status and Future Plans

• i-Path project wiki: http://i-path.goto.info.waseda.ac.jp/trac/i-Path/
• Dai Mochinaga, Katsushi Kobayashi, Shigeki Goto, Akihiro Shimoda, and Ichiro Murase, Collecting Information to Visualize Network Status, 28th APAN Network Research Workshop, pp. 1–4, 2009.
• Network application utilizing collected information
• Demonstration on R&D testbed: JGN in Japan
• Demonstration at SC09, Portland, OR, Nov. 2009

Conclusion

• We proposed a new method for disclosing network information

• i-Path
  – Offering end-to-end visibility, transparency
  – Observing privacy protection
  – Respecting disclosure policy

Acknowledgement

This project is supported by

National Institute of Information and Communications Technology (NICT), Japan.
