Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing
We introduce CCN-RAMP (Routing to Anchors Matching Prefixes), a new approach
to content-centric networking. CCN-RAMP offers all the advantages of the Named
Data Networking (NDN) and Content-Centric Networking (CCNx) but eliminates the
need to either use Pending Interest Tables (PIT) or look up large Forwarding
Information Bases (FIB) listing name prefixes in order to forward Interests.
CCN-RAMP uses small forwarding tables listing anonymous sources of Interests
and the locations of name prefixes. Such tables are immune to Interest-flooding
attacks and are smaller than the FIBs used to list IP address ranges in the
Internet. We show that no forwarding loops can occur with CCN-RAMP, and that
Interests flow over the same routes that NDN and CCNx would maintain using
large FIBs. The results of simulation experiments comparing NDN with CCN-RAMP
based on ndnSIM show that CCN-RAMP requires forwarding state that is orders of
magnitude smaller than what NDN requires, and attains even better performance
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them.
Comment: 15 page
Toward incremental FIB aggregation with quick selections (FAQS)
Several approaches to mitigating the Forwarding Information Base (FIB)
overflow problem were developed and software solutions using FIB aggregation
are of particular interest. One of the greatest concerns in deploying these
algorithms to real networks is their high running time and heavy computational
overhead to handle thousands of FIB updates every second. In this work, we
manage to use a single tree traversal to implement a faster aggregation and
update handling algorithm with a much lower memory footprint than other existing
work. We utilize 6-year realistic IPv4 and IPv6 routing tables from 2011 to
2016 to evaluate the performance of our algorithm with various metrics. To the
best of our knowledge, it is the first time that IPv6 FIB aggregation has been
performed. Our new solution is 2.53 and 1.75 times as fast as
the state-of-the-art FIB aggregation algorithm for IPv4 and IPv6 FIBs,
respectively, while achieving a near-optimal FIB aggregation ratio
Towards Loop-Free Forwarding of Anonymous Internet Datagrams that Enforce Provenance
The way in which addressing and forwarding are implemented in the Internet
constitutes one of its biggest privacy and security challenges. The fact that
source addresses in Internet datagrams cannot be trusted makes the IP Internet
inherently vulnerable to DoS and DDoS attacks. The Internet forwarding plane is
open to attacks to the privacy of datagram sources, because source addresses in
Internet datagrams have global scope. The fact that Internet datagrams are
forwarded based solely on the destination addresses stated in datagram headers
and the next hops stored in the forwarding information bases (FIB) of relaying
routers allows Internet datagrams to traverse loops, which wastes resources and
leaves the Internet open to further attacks. We introduce PEAR (Provenance
Enforcement through Addressing and Routing), a new approach for addressing and
forwarding of Internet datagrams that enables anonymous forwarding of Internet
datagrams, eliminates many of the existing DDoS attacks on the IP Internet, and
prevents Internet datagrams from looping, even in the presence of routing-table
loops.
Comment: Proceedings of IEEE Globecom 2016, 4-8 December 2016, Washington, D.C., US
ADN: An Information-Centric Networking Architecture for the Internet of Things
Forwarding data by name has been assumed to be a necessary aspect of an
information-centric redesign of the current Internet architecture that makes
content access, dissemination, and storage more efficient. The Named Data
Networking (NDN) and Content-Centric Networking (CCNx) architectures are the
leading examples of such an approach. However, forwarding data by name incurs
storage and communication complexities that are orders of magnitude larger than
solutions based on forwarding data using addresses. Furthermore, the specific
algorithms used in NDN and CCNx have been shown to have a number of
limitations. The Addressable Data Networking (ADN) architecture is introduced
as an alternative to NDN and CCNx. ADN is particularly attractive for
large-scale deployments of the Internet of Things (IoT), because it requires
far less storage and processing in relaying nodes than NDN. ADN allows things
and data to be denoted by names, just like NDN and CCNx do. However, instead of
replacing the waist of the Internet with named-data forwarding, ADN uses an
address-based forwarding plane and introduces an information plane that
seamlessly maps names to addresses without the involvement of end-user
applications. Simulation results illustrate the order of magnitude savings in
complexity that can be attained with ADN compared to NDN.
Comment: 10 page
Internet routing paths stability model and relation to forwarding paths
Analysis of real datasets to characterize the local stability properties of the Internet routing paths suggests that extending the route selection criteria to account for such a property would not increase the routing path length. Nevertheless, even if selecting a more stable routing path could be considered as valuable from a routing perspective, it does not necessarily imply that the associated forwarding path would be more stable. Hence, if the dynamics of the Internet routing and forwarding system show different properties, then one cannot straightforwardly derive the one from the other. If this assumption is verified, then the relationship between the stability of the forwarding path (followed by the traffic) and the corresponding routing path as selected by the path-vector routing algorithm requires further characterization. For this purpose, we locally relate, i.e., at the router level, the stability properties of the routing path with the corresponding forwarding path. The proposed stability model and measurement results verify this assumption and show that, although the main cause of instability results from the forwarding plane, a second order effect relates forwarding and routing path instability events. This observation provides the first indication that differential stability can safely be taken into account as part of the route selection process