Internet Indirection Infrastructure

Slides: 17
Provided by: sto22
Learn more at: http://users.ece.cmu.edu

1
Internet Indirection Infrastructure
  • Ion Stoica and many others
  • UC Berkeley

2
Motivation
  • Today's Internet is built around a unicast
    point-to-point communication abstraction
  • Send packet p from host A to host B
  • This abstraction allows the Internet to be highly
    scalable and efficient, but
  • not appropriate for applications that require
    other communication primitives
  • Multicast
  • Anycast
  • Mobility
  • Service composition

3
Our solution: Internet Indirection Infrastructure (i3)
  • Each packet is associated with an identifier id
  • To receive a packet with identifier id, receiver
    R maintains a trigger (id, R) into the overlay
    network

[Figure: Sender and Receiver (R)]

4
Service Model
  • API
  • sendPacket(p)
  • insertTrigger(t)
  • removeTrigger(t) // optional
  • Best-effort service model (like IP)
  • Triggers periodically refreshed by end-hosts
  • ID length: 256 bits

5
Mobility
  • Host just needs to update its trigger as it moves
    from one subnet to another

6
Multicast
  • Receivers insert triggers with same identifier
  • Can dynamically switch between multicast and
    unicast

[Figure: Sender; triggers (id, R1) and (id, R2); Receivers R1 and R2]

7
Anycast
  • Use longest prefix matching instead of exact
    matching
  • Prefix p: anycast group identifier
  • Suffix s_i: encodes application semantics, e.g.,
    location

[Figure: Sender; triggers (p|s1, R1), (p|s2, R2), (p|s3, R3); Receivers R1, R2, R3]

8
Service Composition: Sender Initiated
  • Use a stack of IDs to encode the sequence of
    operations to be performed on the data path
  • Advantages
  • Don't need to configure the path
  • Load balancing and robustness easy to achieve

[Figure: Sender; triggers (idT, T) and (id, R); Transcoder (T) and Receiver (R)]

9
Service Composition: Receiver Initiated
  • Receiver can also specify the operations to be
    performed on data

[Figure: Sender; triggers (idF, F) and (id, (idF, R)); Firewall (F) and Receiver (R)]

10
Basic Design Decisions
  • Host-controlled routing
  • Semanticless IDs
  • ID matching scheme

11
1) Host-Controlled Routing
  • i3 gives end-hosts and/or 3rd parties the ability
    to control routing
  • A trigger is like a routing entry
  • Highly flexible: after all, routing is the main
    functionality provided by a network!
  • Use cryptographic techniques to prevent most
    attacks on infrastructure
  • Security implications
  • Protection against DoS: at the i3 level a host is
    not reachable unless it inserts a path that points
    to itself
  • Anonymity: easy to use onion-like routing
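
The trigger semantics from the slides above (a host is unreachable until it inserts a trigger, multicast through a shared ID, and receiver-initiated composition through a firewall), as an added example that is not part of the original slides or the i3 code base. The `I3Overlay` class, its method names, the string IDs and the firewall rule are assumptions for illustration; one in-memory table stands in for the overlay, and matching is exact only.

```python
# Added example: toy single-table model of i3 triggers (not the i3 project's code).
# String IDs stand in for 256-bit IDs; names and the firewall rule are hypothetical.
class I3Overlay:
    def __init__(self):
        self.triggers = {}  # id -> list of stacks (IDs and/or host addresses)
        self.hosts = {}     # host address -> handler(payload); None means drop
        self.log = []       # (host, payload) for every host a packet reached

    def add_host(self, addr, handler=lambda p: p):
        self.hosts[addr] = handler

    def insert_trigger(self, ident, *stack):
        self.triggers.setdefault(ident, []).append(list(stack))

    def remove_trigger(self, ident, *stack):
        entries = self.triggers.get(ident, [])
        if list(stack) in entries:
            entries.remove(list(stack))

    def send_packet(self, stack, payload):
        """Forward payload along an ID stack; return the number of final deliveries."""
        if not stack: return 0
        head, rest = stack[0], list(stack[1:])
        if head in self.hosts:              # address: hand the packet to that host
            out = self.hosts[head](payload)
            if out is None:                 # middlebox dropped it
                return 0
            self.log.append((head, out))
            return self.send_packet(rest, out) if rest else 1
        # ID: each matching trigger gets a copy; with no trigger the packet is dropped
        return sum(self.send_packet(t + rest, payload)
                   for t in self.triggers.get(head, []))

def demo():
    net, res = I3Overlay(), {}
    for name in ("R", "R1", "R2"):
        net.add_host(name)
    net.add_host("F", lambda p: None if b"DROP" in p else p)  # constructed rule
    res["no_trigger"] = net.send_packet(["id"], b"hello")     # R not reachable yet
    net.insert_trigger("idF", "F")
    net.insert_trigger("id", "idF", "R")   # receiver-initiated: via firewall F
    res["clean"] = net.send_packet(["id"], b"hello")
    res["blocked"] = net.send_packet(["id"], b"DROP me")
    net.insert_trigger("grp", "R1")        # same ID twice = multicast
    net.insert_trigger("grp", "R2")
    res["multicast"] = net.send_packet(["grp"], b"m")
    net.remove_trigger("id", "idF", "R")   # receiver withdraws its trigger
    res["removed"] = net.send_packet(["id"], b"hello")
    return res, net.log
```

This toy has no loop detection, so a trigger whose stack leads back to its own ID would recurse without bound.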

12
2) Semanticless Identifiers
  • An ID can identify anything
  • Interface
  • Router or end-host
  • Service
  • Session end-point
  • A packet
  • The meaning of the ID is determined by
    applications (or higher layers)
  • Think of application-level resolution of IDs

13
3) ID Matching
  • Longest prefix matching
  • Matching multiple entries

14
Implication of Design Decisions
  • Design decisions: Host-controlled routing, Semanticless IDs, ID matching
  • Applications: Mobility, Anycast, Multicast, Service composition

15
Open Questions
  • Management
  • Economic model
  • Quality of service

16
Status
  • i3 available as a service on PlanetLab
  • Support for legacy applications in Linux and
    Windows XP/2000: OCALA (Overlay Convergence
    Architecture for Legacy Applications)
  • Current applications
  • Mobility
  • Transparent access to machines behind NATs
  • Secure and transparent access to services behind
    firewalls
  • Available at
  • http://i3.cs.berkeley.edu/i3/index.html
  • http://i3.cs.berkeley.edu/OCALA/index.html