275 research outputs found
Data Structures and Algorithms for Scalable NDN Forwarding
Named Data Networking (NDN) is a recently proposed general-purpose network architecture that aims to address the limitations of the Internet Protocol (IP), while maintaining its strengths. NDN takes an information-centric approach, focusing on named data rather than computer addresses. In NDN, the content is identified by its name, and each NDN packet has a name that specifies the content it is fetching or delivering. Since there are no source and destination addresses in an NDN packet, it is forwarded based on a lookup of its name in the forwarding plane, which consists of the Forwarding Information Base (FIB), Pending Interest Table (PIT), and Content Store (CS). In addition, as an in-network caching element, a scalable Repository (Repo) design is needed to provide large-scale long-term content storage in NDN networks.
Scalable NDN forwarding is a challenge. Compared to the well-understood approaches to IP forwarding, NDN forwarding performs lookups on packet names, which have variable and unbounded lengths, increasing the lookup complexity. The lookup tables are larger than in IP, requiring more memory space. Moreover, NDN forwarding has a read-write data plane, requiring per-packet updates at line rates. Designing and evaluating a scalable NDN forwarding node architecture is a major effort within the overall NDN research agenda.
The goal of this dissertation is to demonstrate that scalable NDN forwarding is feasible with the proposed data structures and algorithms. First, we propose a FIB lookup design based on the binary search of hash tables that provides a reliable longest name prefix lookup performance baseline for future NDN research. We have demonstrated 10 Gbps forwarding throughput with 256-byte packets and one billion synthetic forwarding rules, each containing up to seven name components. Second, we explore data structures and algorithms to optimize the FIB design based on the specific characteristics of real-world forwarding datasets. Third, we propose a fingerprint-only PIT design that reduces the memory requirements in the core routers. Lastly, we discuss the Content Store design issues and demonstrate that the NDN Repo implementation can leverage many of the existing databases and storage systems to improve performance
Linux XIA: an interoperable meta network architecture to crowdsource the future Internet
With the growing number of proposed clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-state designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This paper presents Linux XIA, a native implementation of XIA [12] in the Linux kernel, as a candidate. We first describe Linux XIA in terms of its architectural realizations and algorithmic contributions. We then demonstrate how to port several distinct and unrelated network architectures onto Linux XIA. Finally, we provide a hybrid evaluation of Linux XIA at three levels of abstraction in terms of its ability to: evolve and foster interoperation of new architectures, embed disparate architectures inside the implementation’s framework, and maintain a comparable forwarding performance to that of the legacy TCP/IP implementation. Given this evaluation, we substantiate a previously unsupported claim of XIA: that it readily supports and enables network evolution, collaboration, and interoperability—traits we view as central to the success of any future Internet architecture.This research was supported by the National Science Foundation under awards CNS-1040800, CNS-1345307 and CNS-1347525
Access Control Mechanisms in Named Data Networks:A Comprehensive Survey
Information-Centric Networking (ICN) has recently emerged as a prominent
candidate for the Future Internet Architecture (FIA) that addresses existing
issues with the host-centric communication model of the current TCP/IP-based
Internet. Named Data Networking (NDN) is one of the most recent and active ICN
architectures that provides a clean slate approach for Internet communication.
NDN provides intrinsic content security where security is directly provided to
the content instead of communication channel. Among other security aspects,
Access Control (AC) rules specify the privileges for the entities that can
access the content. In TCP/IP-based AC systems, due to the client-server
communication model, the servers control which client can access a particular
content. In contrast, ICN-based networks use content names to drive
communication and decouple the content from its original location. This
phenomenon leads to the loss of control over the content causing different
challenges for the realization of efficient AC mechanisms. To date,
considerable efforts have been made to develop various AC mechanisms in NDN. In
this paper, we provide a detailed and comprehensive survey of the AC mechanisms
in NDN. We follow a holistic approach towards AC in NDN where we first
summarize the ICN paradigm, describe the changes from channel-based security to
content-based security and highlight different cryptographic algorithms and
security protocols in NDN. We then classify the existing AC mechanisms into two
main categories: Encryption-based AC and Encryption-independent AC. Each
category has different classes based on the working principle of AC (e.g.,
Attribute-based AC, Name-based AC, Identity-based AC, etc). Finally, we present
the lessons learned from the existing AC mechanisms and identify the challenges
of NDN-based AC at large, highlighting future research directions for the
community.Comment: This paper has been accepted for publication by the ACM Computing
Surveys. The final version will be published by the AC
Study and analysis of innovative network protocols and architectures
In the last years, some new paradigms are emerging in the networking area as inspiring models for the definition of future communications networks. A key example is certainly the Content Centric Networking (CCN) protocol suite, namely a novel network architecture that aims to supersede the current TCP/IP stack in favor of a name based routing algorithm, also introducing in-network caching capabilities. On the other hand, much interest has been placed on Software Defined Networking (SDN), namely the set of protocols and architectures designed to make network devices more dynamic and programmable. Given this complex arena, the thesis focuses on the analysis of these innovative network protocols, with the aim of exploring possible design flaws and hence guaranteeing their proper operation when actually deployed in the network. Particular emphasis is given to the security of these protocols, for its essential role in every wide scale application. Some work has been done in this direction, but all these solutions are far to be considered fully investigated. In the CCN case, a closer investigation on problems related to possible DDoS attacks due to the stateful nature of the protocol, is presented along with a full-fledged proposal to support scalable PUSH application on top of CCN. Concerning SDN, instead, we present a tool for the verification of network policies in complex graphs containing dynamic network functions. In order to obtain significant results, we leverage different tools and methodologies: on the one hand, we assess simulation software as very useful tools for representing the most common use cases for the various technologies. On the other hand, we exploit more sophisticated formal methods to ensure a higher level of confidence for the obtained results
Graph Pattern Matching on Symmetric Multiprocessor Systems
Graph-structured data can be found in nearly every aspect of today's world, be it road networks, social networks or the internet itself.
From a processing perspective, finding comprehensive patterns in graph-structured data is a core processing primitive in a variety of applications, such as fraud detection, biological engineering or social graph analytics.
On the hardware side, multiprocessor systems, that consist of multiple processors in a single scale-up server, are the next important wave on top of multi-core systems.
In particular, symmetric multiprocessor systems (SMP) are characterized by the fact, that each processor has the same architecture, e.g. every processor is a multi-core and all multiprocessors share a common and huge main memory space.
Moreover, large SMPs will feature a non-uniform memory access (NUMA), whose impact on the design of efficient data processing concepts should not be neglected.
The efficient usage of SMP systems, that still increase in size, is an interesting and ongoing research topic.
Current state-of-the-art architectural design principles provide different and in parts disjunct suggestions on which data should be partitioned and or how intra-process communication should be realized.
In this thesis, we propose a new synthesis of four of the most well-known principles Shared Everything, Partition Serial Execution, Data Oriented Architecture and Delegation, to create the NORAD architecture, which stands for NUMA-aware DORA with Delegation.
We built our research prototype called NeMeSys on top of the NORAD architecture to fully exploit the provided hardware capacities of SMPs for graph pattern matching.
Being an in-memory engine, NeMeSys allows for online data ingestion as well as online query generation and processing through a terminal based user interface.
Storing a graph on a NUMA system inherently requires data partitioning to cope with the mentioned NUMA effect.
Hence, we need to dissect the graph into a disjunct set of partitions, which can then be stored on the individual memory domains.
This thesis analyzes the capabilites of the NORAD architecture, to perform scalable graph pattern matching on SMP systems.
To increase the systems performance, we further develop, integrate and evaluate suitable optimization techniques.
That is, we investigate the influence of the inherent data partitioning, the interplay of messaging with and without sufficient locality information and the actual partition placement on any NUMA socket in the system.
To underline the applicability of our approach, we evaluate NeMeSys against synthetic datasets and perform an end-to-end evaluation of the whole system stack on the real world knowledge graph of Wikidata
Recommended from our members
Availability, Integrity, and Confidentiality for Content Centric Network internet architectures
The Internet as we know it today, despite being ``the result of a series of accidents of choices'' in Prof. Jon Crowcroft's words, has undoubtedly been an amazing success story. However, it has been constantly challenged by the demands of the overwhelming evolution of data traffic types, non-functional needs of applications and users, and device diversity. The phrase ``future internet architecture'' can be interpreted as referring to a revised set of design principles. As Dr David Clark rightfully suggested, we need to ``allow for the future in the face of the present''. Content Centric Networking (CCN) is one of the candidates for a future internet architecture. Security is one of the most significant considerations while designing a future internet architecture. Availability, Integrity, and Confidentiality (AIC) are considered the three most crucial components of security: 1) availability is the assurance of continuous, reliable, and uninterrupted access to the information by authorized people, 2) integrity is the preservation of information and prevention of any change in it caused via accident or malicious intent, and 3) confidentiality is the ability to keep the information secret from unintended audience, intruders, and adversaries. This thesis discusses AIC related security threats and corresponding remedies for Named Data Networking (NDN) which is a promising example of CCN. It also presents a system dynamics modelling approach to bridge the gap between the technical solutions and business strategy by quantifying some of the qualitative variables salient to technology architects, policymakers, lawmakers, regulators, and internet service providers for the design of a future-proof internet architecture
- …