i-Path: Network Transparency Project
Shigeki Goto*, Akihiro Shimoda*, Ichiro Murase*, Dai Mochinaga**, and Katsushi Kobayashi***
* Waseda University
** Mitsubishi Research Institute Inc.
*** National Institute of Advanced Science and Technology (AIST)
14th JSPS/NRF Core University Program Seminar on Next Generation Internet
Agenda
1. Introduction
– Background and Motivation
– Applications
2. Overview of i-Path
– Data Collection
– New Software
3. More Applications
4. Conclusion
Acknowledgement
The Goal of the i-Path Project
• Accessible information between the hosts
• Observing the information disclosure policy of all stakeholders along the path
Background
• Because of …
– Observe the information disclosure policy
– Status of network depends on a variety of factors
Growing demand for backbone bandwidth
Routers keep rich information
• Routing table, Link utilization
• Temperature, Location, Contact point, Supply voltage, etc.
Network performance fluctuation (e.g. throughput)
Not easy to collect the right information and to utilize information along the path
Introduction
• Providing transparency of underlying networks
• End-to-End visibility provides benefit to end hosts and network operators
• Disclosing information leads to improved End-to-End visibility
Motivation
– Monitoring network status
– Reporting events and troubleshooting
– Reduction in operational cost
Applications
• Enhanced Congestion Control
• Best peer selection in P2P communication applications
• Dynamic network configuration (e.g. according to time zones)
• Adjust optimal bit rate in VoD
• Selection of the appropriate path (e.g. not violating policies related to content management)
Data Collection
• Explicit Network Information Collection Along a Path
• SIRENS* (Simple Internet Resource Notification Scheme)
– Based on the cross-layer approach: bottleneck bandwidth, interface queue capacity, corruption losses, etc.
– Scalable network information measurement
* K. Nakauchi and K. Kobayashi. An explicit router feedback framework for high bandwidth-delay product networks. Computer Networks, 51(7):1833–1846, 2007.
Overview
Structure of shim-header
• Inserted between the network and transport headers
Information Disclosure
• Access to some information on routers is prohibited
• Unwillingness to disclose internal network status
– Security
– Cost
• Each ISP has a disclosure policy
• End hosts have their own disclosure policy
Observing Information Disclosure Policies
Negotiation: requests and responses ("OK to Disclose?")
Selective requests and responses
Policy: Alice and Bob allow disclosure beyond the 3rd hop router.
Implementation:
• Alice does not send requests for her neighbor and the next neighbor routers, i.e., the 1st and 2nd hops.
• Bob, in the same way as Alice, does not send back responses for the 6th and 7th hops.
Results:
• Alice obtains data for hops 3–5.
• Bob obtains data for hops 3–7.
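The selective request/response policy above, modelled as an added example (not code from the i-Path project). Hops are numbered from Alice's side; `Endpoint`, `hidden_near_hops`, `router_opt_out` and `collect` are hypothetical names, and the dictionaries stand in for SIRENS packets rather than reproducing the wire format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    hidden_near_hops: int  # hypothetical policy knob: nearest routers kept private


def collect(path_len, sender, receiver, router_opt_out=frozenset()):
    """Model one request/response round over `path_len` routers.

    Hops are numbered 1..path_len starting at the sender's side.
    Returns (hops the sender learns, hops the receiver learns).
    """
    # (a) The sender never asks about the routers closest to itself.
    requested = range(sender.hidden_near_hops + 1, path_len + 1)

    # Each requested router answers only if its operator's policy allows it.
    request_pkt = {hop: f"status-of-router-{hop}"   # constructed sample data
                   for hop in requested if hop not in router_opt_out}

    # (b) The receiver sees everything the request gathered on the way ...
    receiver_view = sorted(request_pkt)

    # ... but strips the routers closest to itself before replying.
    first_hidden = path_len - receiver.hidden_near_hops + 1
    response_pkt = {hop: data for hop, data in request_pkt.items()
                    if hop < first_hidden}

    # (c) The sender learns only what survived both endpoint policies.
    return sorted(response_pkt), receiver_view


if __name__ == "__main__":
    alice, bob = Endpoint("Alice", 2), Endpoint("Bob", 2)
    print(collect(7, alice, bob))                      # the 7-hop slide scenario
    print(collect(7, alice, bob, router_opt_out={4}))  # one router's ISP declines
    print(collect(3, alice, bob))                      # path shorter than the hidden zones
```

The asymmetry is the point to check when reviewing such a policy: the receiver always learns at least as much as the sender, because the request carries data past the receiver's own filter.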
New Software Tools
(a) Send a SIRENS request packet
(b) Receive the request packet and reply
(c) Receive the reply packet and make XML files
[Figure labels: Sender, Receiver, i-Path Router, TCP Data, developed software, xml]
Snapshot of the Visualization Tool
• Dark colored (blue) routers
– Data Collection: Enabled
• Gray colored routers
– Data Collection: Not enabled or does not exist
More applications
Network Threat Detection
• TARGET: IP address X.X.X.X
• DDoS packets: destination is TARGET, source IP address is a spoofed IP address
• Backscatter packets: destination is the spoofed IP address, source is TARGET
[Figure labels: Attackers, TARGET, Internet, extraneous hosts/servers]
S. Nogami, A. Shimoda and S. Goto, Detection of DDoS attacks by i-Path flow analysis (in Japanese, to appear), 72nd National Convention of IPSJ, Mar. 2010.
NAT traversal
Different kinds of NATs: full cone, restricted cone, port restricted cone, symmetric
[Figure label: symmetric NAT]
K. Tobe, A. Shimoda and S. Goto, NAT traversal with transparent routers (in Japanese, to appear), 72nd National Convention of IPSJ, Mar. 2010.
Current Status and Future Plans
• i-Path project wiki: http://i-path.goto.info.waseda.ac.jp/trac/i-Path/
• Dai Mochinaga, Katsushi Kobayashi, Shigeki Goto, Akihiro Shimoda, and Ichiro Murase, Collecting Information to Visualize Network Status, 28th APAN Network Research Workshop, pp. 1–4, 2009.
• Network application utilizing collected information
• Demonstration on R&D testbed: JGN in Japan
• Demonstration at SC09, Portland, OR, Nov. 2009
Conclusion
• We proposed a new method for disclosing network information
• i-Path
– Offering end-to-end visibility, transparency
– Observing privacy protection
– Respecting disclosure policy
Acknowledgement
This project is supported by the National Institute of Information and Communications Technology (NICT), Japan.