OCALA: An Architecture for Supporting Legacy Applications over Overlays

Dilip Antony Joseph (1), Jayanth Kannan (1), Ayumu Kubota (2), Karthik Lakshminarayanan (1), Ion Stoica (1), Klaus Wehrle (3)
(1) UC Berkeley, (2) KDDI Labs, (3) University of Tübingen

PowerPoint presentation transcript
Motivation
• Modifying the Internet infrastructure has not succeeded
– Mobile IP, IP multicast, Intserv
• Overlay networks can provide new functionality without modifying the Internet
– RON: resilience to path failures
– i3: mobility, NAT traversal, anycast, multicast
– OverQOS: quality of service
• But none of them has a widely deployed implementation
• We want to deploy them incrementally
• For that, it is enough that ordinary applications can be used over the overlay network (Firefox, IE, samba, ssh)
Legacy Applications on Overlays
• Approach 1: re-implement the application
– Time-consuming, tedious, and impossible for closed source
• Approach 2: build an overlay network on which applications run unmodified
Goals
• Transparency
– Legacy apps unaware of overlay
• Interoperability
– Hosts in different overlays should be able to talk to each other
• Access to each overlay's own functionality
– User control over which overlay to use, what overlay specific properties to use
• Factoring out common requirements
– Security, compression
Overlay Convergence Architecture for Legacy Applications (OCALA)
Diagram (layers, top to bottom): Legacy Applications (ssh, firefox, explorer, …) / Transport Layer (TCP, UDP, …) / Overlay Convergence (OC) Layer, made of the OC Independent (OC-I) Sublayer and the OC Dependent (OC-D) Sublayer / Overlay (DOA, DTN, HIP, i3, RON, …)
The Overlay Convergence Layer is interposed between the transport layer and the overlay.
Simultaneous access to multiple overlay networks
Diagram: Host A, Host B and Host C each run an OC-I sublayer over an OC-D sublayer (i3 and RON modules) on top of IP/Internet; the applications Firefox, ssh and IRC on these hosts use the i3 and RON overlays at the same time (www.cnn.com appears as one destination).
Naming
• DNS-like name assignment
– Example: berkeley.pl.i3, read right to left as overlay type (i3), overlay instance (pl) and overlay specific name (berkeley)
• The suffix (.pl.i3) is interpreted by OC-I
– OC-I uses the suffix to invoke the corresponding OC-D instance
• The remainder (berkeley) is interpreted by OC-D
– OC-D resolves this name to an overlay specific ID/Addr (e.g., i3 ID, HIT, EID, IP addr)
• OC-D resolution algorithms
– Overlay specific (e.g., hashing names to IDs in i3)
– Generic methods (e.g., OpenDHT, DNS, address book)
– ID mapping: use the flat IDs that OC-D works with
Bridging Overlays
• The application on host A issues a DNS request for foo.ron_bar.i3
• A creates a tunnel to bar.i3 (B) over i3
• B creates a tunnel to foo.ron (C) over RON
• Path construction is complete
Diagram: Host A (Appl., OC-I, OC-D with i3) reaches Host B (bar.i3; OC-I, OC-D with i3 and RON) over an i3 tunnel, and Host B reaches Host C (foo.ron; Appl., OC-I, OC-D with RON) over a RON tunnel; the two tunnels together form the path.
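As an added illustration of the naming rules on the Naming and Bridging slides (this is not the OCALA proxy's code), the following Python models how an OC-I might split a name into overlay type, instance and overlay-specific part, decide whether a name belongs to an overlay at all, and turn a bridged name such as foo.ron_bar.i3 into an ordered list of legs. The registry of overlay types, the instance label pl and the preference labels mindelay, maxbwdth and shortcut (which the backup slides encode in names) are assumptions; the same rule also handles the sender-middlebox name foo.i3_mytranscoder.i3 from the backup slides.

```python
# Added example (not OCALA's own code): an OC-I-style parser for the DNS-like
# names on the slides. The registry of OC-D modules, the instance label "pl" and
# the preference labels ("mindelay", "maxbwdth", "shortcut") are assumptions, as is
# the "_" chaining rule for bridged names (legs are traversed right to left).
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Assumed registry: overlay type -> (known instance labels, known preference labels)
MODULES = {
    "i3": ({"pl"}, {"shortcut"}),
    "ron": ({"pl"}, {"mindelay", "maxbwdth"}),
}


@dataclass(frozen=True)
class OverlayName:
    overlay_type: str              # suffix that selects the OC-D module (i3, ron)
    instance: Optional[str]        # overlay instance label, if present (pl)
    specific_name: str             # part handed to OC-D for resolution (berkeley)
    properties: FrozenSet[str]     # preference labels encoded in the name


def overlay_suffix(name: str) -> Optional[str]:
    """The OC-I decision: does this name belong to an overlay at all?
    Returns the overlay type, or None when the name stays on plain IP/DNS."""
    suffix = name.rsplit(".", 1)[-1].lower()
    return suffix if suffix in MODULES else None


def parse_leg(leg: str) -> OverlayName:
    """Parse one un-bridged name such as berkeley.pl.i3 or berkeley.mindelay.ron."""
    labels = leg.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"malformed overlay name: {leg!r}")
    overlay_type = overlay_suffix(leg)
    if overlay_type is None:
        raise ValueError(f"no OC-D module for the suffix of {leg!r}")
    labels.pop()                      # drop the overlay type label itself
    instances, prefs = MODULES[overlay_type]
    instance, props = None, set()
    # peel instance and preference labels off the right end (".pl", ".mindelay", ...)
    while labels and (labels[-1] in instances or labels[-1] in prefs):
        label = labels.pop()
        if label in instances:
            instance = label
        else:
            props.add(label)
    if not labels:
        raise ValueError(f"no overlay specific name in {leg!r}")
    return OverlayName(overlay_type, instance, ".".join(labels), frozenset(props))


def plan_path(name: str) -> List[OverlayName]:
    """Bridged names chain legs with "_": foo.ron_bar.i3 means 'reach bar.i3 over i3,
    then from there reach foo.ron over RON'. Returns the legs in traversal order, so
    the first element names the OC-D module that the local OC-I invokes."""
    legs = [parse_leg(leg) for leg in name.split("_")]
    legs.reverse()
    return legs


if __name__ == "__main__":
    for n in ("berkeley.pl.i3", "berkeley.mindelay.ron", "foo.ron_bar.i3", "foo.i3_mytranscoder.i3"):
        print(n, "->", [(leg.overlay_type, leg.specific_name) for leg in plan_path(n)])
    print("www.cnn.com ->", overlay_suffix("www.cnn.com"))
```

Names whose suffix is not a registered overlay (www.cnn.com) are reported as plain IP destinations rather than rejected, which is the transparency property the Goals slide asks for: the OC layer only diverts traffic for names it recognises.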
Legacy Server Gateways
• The server does not need to run OCALA locally
• A special OC-D module called Legacy Server IP (LSIP) is used
• LSIP works like a NAT
Diagram: the overlay client (Appl., OC-I, OV module) reaches a legacy gateway (OC-I with OV and LSIP modules) over the overlay (OV); the gateway reaches the legacy server (www.nasa.gov) over the Internet, guided by a configuration file entry that maps *.gov to OV.
Legacy Client Gateways
• Likewise, the client does not need to run OCALA locally
• A Legacy Client IP (LCIP) module runs on the gateway
Diagram: the legacy client sends DNSreq(foo.ov.ocalaproxy.net) over the Internet to a legacy gateway (OC-I with LCIP and OV modules), which reaches the overlay server (foo.ov; Appl., OC-I, OV module) over the overlay (OV).
Design
Establishing a new connection
Diagram: Host A (Legacy App., Transport Layer, OC-I Layer, OC-D Layer with i3, RON, … modules) talks to Host B (foo.ov, overlay ID IDB) over the Overlay (DTN, i3, RON). The numbered steps:
1. DNSreq(foo.ov) from the legacy application is intercepted by the OC-I layer
2. OC-I calls setup(foo.ov) on the OC-D layer
3. OC-D calls resolve(foo.ov) on the name resolution service (local addrbook, DNS, OpenDHT, …)
4. The service returns IDB
5. OC-D runs the overlay specific setup protocol with Host B
6. OC-D returns the tunnel descriptor tunnel_d = tdAB to OC-I
7. OC-I runs OCI-Setup (pdAB) with Host B over the tunnel
8. OC-I answers DNSresp(oc_handle = IPAB), where IPAB is an address taken from 1.x.x.x
Data flow
Diagram: on Host A (IDA) the legacy application sends "IPAB data" through the transport layer; OC-I, which remembers "foo.ov" ↔ pdAB ↔ IPAB, replaces the handle with the path descriptor and forwards "pdAB data"; OC-D maps pdAB to the tunnel tdAB, whose far end is IDB, and sends the packet over the Overlay (DTN, i3, RON). On Host B (foo.ov, IDB) OC-D maps the arriving tunnel tdBA to IDA, OC-I maps pdAB to the local handle IPBA, and the transport layer delivers "IPBA data" to the legacy application. The reverse direction uses the same mappings.
Overlay Dependent Layer
• API exposed by OC-D to OC-I
– Setup (tunnel_info)
– Close (tunnel_d)
– Send (tunnel_d, pkt)
• Callbacks in OC-I invoked by OC-D
– SetupDone (tunnel_d)
– Recv (pkt)
• i3 and RON modules implemented
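Added example, not the project's code: an in-memory model of this API together with the connection-setup and data-flow slides, so the oc_handle/pd/td tables can be traced end to end in a few dozen lines. Its assumptions: the overlay and the name resolution service are dictionaries, pd travels as a 4-byte header preceded by a one-byte frame type that separates OCI-Setup from data, handles come from a 1.0.0.x pool, and Recv is given the tunnel descriptor (the slide lists Recv(pkt) alone) so that the passive host can learn the reverse mapping.

```python
# Added example (not OCALA's code): in-memory model of the OC-I/OC-D interface
# (Setup/Close/Send downward, SetupDone/Recv upward) with the tables of the
# connection-setup and data-flow slides: oc_handle <-> pd <-> td.
# Assumptions: dictionary overlay and name service, 4-byte pd header behind a
# one-byte frame type, handles from 1.0.0.x, and Recv(td, pkt) instead of Recv(pkt).
import itertools
import struct
from typing import Callable, Dict, Optional

PD_HDR = "!I"             # assumed 4-byte path-descriptor header
OCI_SETUP, DATA = 0, 1    # assumed one-byte frame types


class FakeOverlay:
    """Stands in for i3/RON: delivers frames between OC-D modules by flat ID."""
    def __init__(self) -> None:
        self.nodes: Dict[str, "OCD"] = {}

    def deliver(self, dst_id: str, src_id: str, frame: bytes) -> None:
        self.nodes[dst_id].on_frame(src_id, frame)


class OCD:
    """Overlay-dependent sublayer: setup/close/send for OC-I, calls back setup_done/recv."""
    def __init__(self, overlay: FakeOverlay, node_id: str, names: Dict[str, str]) -> None:
        self.overlay, self.node_id, self.names = overlay, node_id, names
        self.tunnels: Dict[int, str] = {}        # td -> remote flat ID (tdAB -> IDB)
        self._next_td = itertools.count(1)
        self.oci: Optional["OCI"] = None
        overlay.nodes[node_id] = self

    def setup(self, tunnel_info: dict) -> None:
        remote_id = self.names[tunnel_info["name"]]   # steps 3-4: resolve(foo.ov) -> IDB
        td = next(self._next_td)                       # step 5: overlay-specific setup (trivial here)
        self.tunnels[td] = remote_id
        self.oci.setup_done(td)                        # step 6: tunnel_d = tdAB

    def close(self, td: int) -> None:
        del self.tunnels[td]

    def send(self, td: int, pkt: bytes) -> None:
        self.overlay.deliver(self.tunnels[td], self.node_id, pkt)

    def on_frame(self, src_id: str, frame: bytes) -> None:
        # passive side: the reverse tunnel (tdBA -> IDA) is created on first contact
        td = next((t for t, rid in self.tunnels.items() if rid == src_id), None)
        if td is None:
            td = next(self._next_td)
            self.tunnels[td] = src_id
            self.oci.setup_done(td)
        self.oci.recv(td, frame)


class OCI:
    """Overlay-independent sublayer: owns the oc_handle <-> pd <-> td tables."""
    def __init__(self, ocd: OCD, deliver: Callable[[str, bytes], None]) -> None:
        self.ocd, self.deliver = ocd, deliver
        ocd.oci = self
        self._handles = (f"1.0.0.{i}" for i in itertools.count(1))   # assumed 1.x.x.x pool
        self._next_pd = itertools.count(100)
        self.handle_to_pd: Dict[str, int] = {}
        self.pd_to_handle: Dict[int, str] = {}
        self.pd_to_td: Dict[int, int] = {}
        self._last_td: Optional[int] = None

    def setup_done(self, td: int) -> None:
        self._last_td = td

    def _bind(self, pd: int, td: int) -> str:
        handle = next(self._handles)
        self.pd_to_td[pd], self.handle_to_pd[handle], self.pd_to_handle[pd] = td, pd, handle
        return handle

    def dns_request(self, name: str) -> str:
        """Steps 1-8: intercept DNSreq(name), build the tunnel, answer with an oc_handle."""
        self.ocd.setup({"name": name})                     # step 2: setup(foo.ov)
        pd = next(self._next_pd)
        handle = self._bind(pd, self._last_td)             # table: IPAB <-> pdAB <-> tdAB
        self.ocd.send(self._last_td, bytes([OCI_SETUP]) + struct.pack(PD_HDR, pd))  # step 7
        return handle                                      # step 8: DNSresp(oc_handle = IPAB)

    def app_send(self, dst_handle: str, data: bytes) -> None:
        pd = self.handle_to_pd[dst_handle]                 # "IPAB data" -> "pdAB data"
        self.ocd.send(self.pd_to_td[pd], bytes([DATA]) + struct.pack(PD_HDR, pd) + data)

    def recv(self, td: int, frame: bytes) -> None:
        kind, (pd,) = frame[0], struct.unpack(PD_HDR, frame[1:5])
        if kind == OCI_SETUP:                              # peer's OCI-Setup(pdAB): learn pdAB <-> tdBA
            self._bind(pd, td)                             # and allocate the local handle (IPBA)
        else:
            self.deliver(self.pd_to_handle[pd], frame[5:])  # "pdAB data" -> "IPBA data"


def demo():
    """Host A resolves foo.ov, sends a request, and Host B answers over the same path."""
    overlay = FakeOverlay()
    names = {"foo.ov": "IDB"}                              # constructed name-service entry
    inbox_a, inbox_b = [], []
    oci_a = OCI(OCD(overlay, "IDA", names), lambda h, d: inbox_a.append((h, d)))
    oci_b = OCI(OCD(overlay, "IDB", names), lambda h, d: inbox_b.append((h, d)))
    ip_ab = oci_a.dns_request("foo.ov")                    # the app sees only this handle
    oci_a.app_send(ip_ab, b"GET / HTTP/1.0")
    ip_ba, request = inbox_b[0]
    oci_b.app_send(ip_ba, b"HTTP/1.0 200 OK")
    return ip_ab, request, inbox_a[0]
```

Running demo() returns the handle A's application was given, the request as B's application received it, and the reply as A's application received it. Both applications only ever see 1.0.0.x handles, which is the transparency the architecture is built around; everything overlay-specific stays inside the two OCD objects.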
Applications
• Simultaneous access to multiple overlay networks
• Overlay composition
– Users can select and combine multiple overlays
– E.g., wireless communication over i3 and wide-area communication over RON
• Applications enabled by new overlays
– Receiver imposed middleboxes
– NAT traversal
Receiver Imposed Middleboxes
• The receiver (foo.i3) uses the overlay's own functionality (e.g., i3) to make all of its traffic pass through a middlebox
Diagram: Host A (Appl., OC-I, i3) sets up a connection to foo.i3; i3 routes the traffic through a middlebox running Bro before it reaches foo.i3 (Appl., OC-I, i3).
NAT Traversal Application
• Uses an i3 server as the relay
• Enables direct communication between nodes that are each behind a NAT
Diagram: a host behind a NAT Box communicating through i3.
Implementation
• Implemented as a proxy
– tun device used to capture packets
• Runs on Linux and Windows XP/2000 (using cygwin)
• RON and i3 OC-D modules implemented
• Security
– SSL-like authentication and encryption
Limitations
• Protocols that carry IP addresses inside packets fail
– Example: ftp, SIP
• OCALA-specific headers add overhead
• Legacy applications cannot use the new functionality of an overlay
– Example: multicast
Summary
• Overlays break the "Internet impasse"
• OCALA lets legacy applications run over new overlay networks and use their new functionality
• OCALA enables different overlay networks to interoperate
• Implemented as a general-purpose proxy
Thank you
More information and proxy download at http://i3.cs.berkeley.edu
Sender Imposed Middleboxes
• Sender wishes to communicate with foo.i3.
• Sender wishes to force traffic to go through a transcoder not directly on the path.
• Instead of setting up a connection to foo.i3, the sender sets up a connection to foo.i3_mytranscoder.i3.
Diagram: Host A (Appl., OC-I, i3) reaches the transcoder (mytranscoder.i3; OC-I, i3) over i3, and the transcoder reaches foo.i3 (Appl., OC-I, i3) over i3.
Transparent use of Overlays
• Make legacy apps oblivious to overlays
– Preserve standard IP interface
• OC needs to decide which overlay to use
– IP address and port number:
  • E.g., forward all packets to 64.236.24.8 port 80 over RON
  • Advantage: works with all applications
  • Disadvantage: hard to remember and configure
– DNS name:
  • E.g., forward all packets sent to berkeley.ron over RON
  • Advantages: human readable, flexible
  • Disadvantage: some applications don't use DNS names
Goal 1: Achieving Transparency
• Make legacy apps oblivious to overlays
– Preserve standard IP interface
• Deciding which overlay to use
– IP address and port number:
  • E.g., forward all packets sent to 64.236.24.8 port 80 over RON
– DNS name:
  • E.g., forward all packets sent to berkeley.ron over RON
  • Human readable
  • Easy to encode user preferences
Goal 3: Customizing Overlay Functionality
• Overlays have customizable parameters
– Example: OverQoS: maximum acceptable latency; RON: which routing metric (loss, throughput) to use; i3: enable shortcut
• Encode preferences in DNS name
– Example: berkeley.mindelay.ron
– Example: berkeley.maxbwdth.ron
– Max 255 characters
– Long names are inconvenient
• Use regular expressions in configuration files
Customizing Overlay Functionality
Diagram: Host A (OC-I; OC-D with i3 and RON modules over IP/Internet) runs Firefox over i3 and ssh and ftp over RON; the two RON connections to Host B (RON; ssh, ftp) use the names berkeley.mindelay.ron and berkeley.maxbwdth.ron, so each gets a different routing preference.
Goal 4: Common functionality
• Functionality required by multiple overlays is implemented in the OC-I layer
• Example: Security
– Similar to SSL
– Modifications for supporting middleboxes
Overlay Convergence Architecture for Legacy Applications
Diagram (layers, top to bottom): Legacy Applications (ssh, firefox, explorer, …) / Transport Layer (TCP, UDP, …) / Overlay Convergence (OC) Layer, made of the OC Independent (OC-I) Sublayer and the OC Dependent (OC-D) Sublayer / Overlay (DOA, DTN, HIP, i3, RON, …)
Interpose an Overlay Convergence Layer between transport layer and overlay networks.
Overlay Dependent Layer
• API exposed by OC-D to OC-I layer
– Setup (tunnel_info)
– Close (tunnel_d)
– Send (tunnel_d, pkt)
• Callbacks from OC-D to OC-I
– SetupDone (tunnel_d)
– Recv (pkt)
• i3, RON modules implemented
i3 Middlebox Demo
Diagram: a client running Firefox (OC-I, i3) connects to Hello.i3, served by apache (OC-I, i3); i3 forwards the traffic through middlebox M, which runs BRO (OC-I, i3).
i3 Middlebox Demo
Diagram: the web server R registers hello.i3 in i3 as the trigger idhello -> (idM, idR); middlebox M (BRO IDS) holds the trigger idM -> IPM and R holds idR -> IPR. The client's web browser sends "idhello data" into i3, which delivers it first to M and then to R.
NAT Traversal Demo
Diagram: receiver R sits behind a home NAT box and registers the trigger idR -> IPR in i3; the client sends "idR data" into i3, which forwards it to R.
Interfacing middleboxes
Diagram: Host A (Appl., OC-I, i3) communicates with Host C (foo.i3; Appl., OC-I, i3) through the middlebox Host M (mbox.i3; OC-I, i3) over i3.
Middleboxes cleanly fit into the OC architecture.
Evaluation
• Micro-benchmarks
– ~20 μs overhead each for tun, OC-D and OC-I layers
– DNS lookup latency
  • First time: 169 μs
  • From cache: 15 μs
• LAN experiments
– Throughput close to that of pure IP.
– Latency less than double that of pure IP.
• Wide Area experiments
– Throughput close to that of pure IP.
– No increase in latency.
Example Configuration File
All traffic going to URLs containing "berkeley" or ending with ".gov" should first go through a firewall over i3 and then to the destination over RON.

<PathInfo>
  <Match urlPattern="*berkeley*" />
  <Match urlPattern="*.gov" />
  <Security protocol="custom SSL" mode="endhostonly" />
  <Compression algo="zlib" level="5" />
  <Hop overlayId="PlanetLab.i3" HopEndPointName="firewall1.berkeley.edu.i3">
    <Property name="shortcut" value="enabled" />
  </Hop>
  <Hop overlayId="PlanetLab.i3" HopEndPointName="RON_i3_Gateway.berkeley.edu.i3" />
  <Hop overlayId="ron.PlanetLab" />
</PathInfo>
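Added example (not the proxy's own configuration parser): reading a PathInfo block like the one above and deciding, for a destination name, which path applies and in what order its hops are traversed. The slide's XML is embedded as a constructed sample wrapped in a root element; matching urlPattern as a shell-style wildcard, case-insensitive comparison, first-match-wins ordering between several PathInfo blocks, and treating a Hop without HopEndPointName as ending at the destination itself are assumptions.

```python
# Added example (not the OCALA proxy's own parser): load <PathInfo> blocks like the
# one on the slide and pick the path that applies to a destination name.
# Assumptions: the slide's XML (embedded below as a constructed sample) may be
# wrapped in a root element, urlPattern is a shell-style wildcard matched
# case-insensitively, the first matching PathInfo wins, and a Hop without a
# HopEndPointName is the final hop to the destination.
import fnmatch
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_CONFIG = """<Config>
  <PathInfo>
    <Match urlPattern="*berkeley*" />
    <Match urlPattern="*.gov" />
    <Security protocol="custom SSL" mode="endhostonly" />
    <Compression algo="zlib" level="5" />
    <Hop overlayId="PlanetLab.i3" HopEndPointName="firewall1.berkeley.edu.i3">
      <Property name="shortcut" value="enabled" />
    </Hop>
    <Hop overlayId="PlanetLab.i3" HopEndPointName="RON_i3_Gateway.berkeley.edu.i3" />
    <Hop overlayId="ron.PlanetLab" />
  </PathInfo>
</Config>"""


@dataclass
class Hop:
    overlay_id: str                       # which overlay (OC-D module/instance) carries this hop
    endpoint: Optional[str]               # None on the final hop: the destination itself
    properties: Dict[str, str] = field(default_factory=dict)


@dataclass
class PathInfo:
    patterns: List[str]
    security: Dict[str, str]
    compression: Dict[str, str]
    hops: List[Hop]

    def matches(self, name: str) -> bool:
        return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in self.patterns)


def load_paths(xml_text: str) -> List[PathInfo]:
    """Parse every PathInfo element (including a bare PathInfo root)."""
    root = ET.fromstring(xml_text)
    paths = []
    for pi in root.iter("PathInfo"):
        hops = []
        for h in pi.findall("Hop"):
            if h.get("overlayId") is None:
                raise ValueError("Hop without overlayId")
            props = {p.get("name"): p.get("value") for p in h.findall("Property")}
            hops.append(Hop(h.get("overlayId"), h.get("HopEndPointName"), props))
        if not hops:
            raise ValueError("PathInfo without any Hop")
        sec, comp = pi.find("Security"), pi.find("Compression")
        paths.append(PathInfo(
            [m.get("urlPattern") for m in pi.findall("Match")],
            dict(sec.attrib) if sec is not None else {},
            dict(comp.attrib) if comp is not None else {},
            hops))
    return paths


def select_path(paths: List[PathInfo], name: str) -> Optional[PathInfo]:
    """First PathInfo whose patterns match; None means the name stays on plain IP."""
    for p in paths:
        if p.matches(name):
            return p
    return None


def route(paths: List[PathInfo], name: str) -> List[Tuple[str, str]]:
    """Hops in traversal order as (overlayId, endpoint); the last hop ends at the destination."""
    p = select_path(paths, name)
    if p is None:
        return []
    return [(h.overlay_id, h.endpoint or name) for h in p.hops]


if __name__ == "__main__":
    cfg = load_paths(SAMPLE_CONFIG)
    for dst in ("www.nasa.gov", "www.berkeley.edu", "www.cnn.com"):
        print(dst, "->", route(cfg, dst))
```

For www.nasa.gov the result is the three-hop path of the slide: the firewall over PlanetLab.i3, the RON/i3 gateway over PlanetLab.i3, and finally the destination over ron.PlanetLab; www.cnn.com matches nothing and stays on plain IP. The loader rejects a Hop with no overlayId or a PathInfo with no hops, since a silently empty path would leave matching traffic with nowhere to go.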
Micro-benchmarks
Per-packet overhead while sending data (μs):

| Layer | i3, No Encryption | i3, Encryption | RON, No Encryption | RON, Encryption |
|---|---|---|---|---|
| OC-I | 19 | 93 | 18 | 91 |
| OC-D | 20 | 20 | 28 | 28 |
| tun | 24 | 25 | 24 | 24 |

Per-packet overhead while receiving data (μs):

| Layer | i3, No Encryption | i3, Encryption | RON, No Encryption | RON, Encryption |
|---|---|---|---|---|
| OC-I | 8 | 84 | 6 | 82 |
| OC-D | 44 | 43 | 36 | 35 |
| tun | 16 | 20 | 15 | 16 |

• DNS lookup overhead
– First time = 169 microseconds
– From cache = 15 microseconds
LAN Experiments
• 2 proxies on the same LAN

Latency (milliseconds):

| | i3 | i3-shortcut | RON | IP |
|---|---|---|---|---|
| No-Encryption | 1.42 | 0.788 | 0.762 | 0.488 |
| Encryption | 1.74 | 1.13 | 1.06 | NA |

Throughput (kbps):

| | i3 | i3-shortcut | RON | IP |
|---|---|---|---|---|
| No-Encryption | 9589 | 10504 | 10022 | 11749 |
| Encryption | 5415 | 5615 | 5445 | NA |
Wide Area Experiments
Figure: latency (ms, y-axis 0 to 140) for the directions A --> B, B --> A, A --> C, C --> A, B --> C and C --> B, with one bar each for i3, i3-shortcut, RON and IP.
• Proxies running at 3 different locations.
• RON and i3-with-shortcut have latency close to pure IP.
Wide Area Experiments (contd.)
Figure: throughput (kbps, y-axis 0 to 35000) for the directions A --> B, B --> A, A --> C, C --> A, B --> C and C --> B, with one bar each for i3, i3-shortcut, RON and IP.
• RON and i3-with-shortcut throughput >= 75% of throughput of pure IP
• Anomalous behavior of packets sent to A