Research on Simulation and Performance Evaluation Techniques for a Data-Oriented Network Architecture
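Abstract
The original Internet architecture strictly followed a "host-to-host" communication model: the user explicitly communicates, via a source address, with another remote host, and the network merely forwards packets according to the destination address in the packet header. It is therefore well suited to communication between a pair of known, stationary hosts. However, the main use of today's Internet has shifted from transmitting small amounts of control information to retrieving large amounts of data; users are no longer interested in the address of the other host, but in the data content they need. The current Internet architecture therefore cannot support this kind of service well.
     According to our analysis, naming resolution and structure are the parts of the Internet that need to change. This thesis therefore replaces DNS names with location-independent, self-certifying names, and replaces DNS name resolution with a name-based, proactive anycast above the IP layer. Data is registered and looked up with the REGISTER and FIND commands. Combining these with data caching, self-certification and virtual routing techniques, the thesis proposes a Data-Oriented Network Architecture (DONA).
     Compared with the traditional Internet, DONA offers better persistence, availability and authenticity in data transmission and service access. It can also be readily extended to support data caching services at the network layer.
     In a DONA network, the data name itself provides self-certification, so the network can avoid the security bottleneck and concentrate on its own scalability and availability.
     This thesis uses virtual routing technology to implement the data routing module of the DONA network, which gives it good flexibility and makes it easy to deploy in the existing network environment.
     Finally, this thesis uses NS2 to simulate and test the data transmission performance of the DONA network, uses PlanetLab to load-test the RH implemented with virtual routers, analyzes the feasibility of the DONA network on the basis of the data, and shows that the DONA network is better suited to the future direction of the Internet.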
The first Internet network architecture focused strictly on host-to-host communication: The user explicitly directed the source to communicate with another host, and the network’s only role was to carry packets to the destination address in the packet header. So it is well-suited for communication between pairs of stationary hosts. Today, however, the vast majority of Internet usage is data retrieval and service access, where the user cares about content and is oblivious to location. The current architecture can support this functionality, as is obvious from its prevalence on the Internet, but it does not fit comfortably within the host-to-host model.
     Our research suggests that most of the necessary changes reside in how Internet names are structured and resolved. We propose replacing DNS names with flat, self-certifying names, and replacing DNS name resolution with a name-based anycast primitive that lives above the IP layer. We call the resulting design the Data-Oriented Network Architecture (DONA).
     Compared with the traditional Internet, DONA has better persistence, availability and authenticity in data transmission and service access. It also supports data caching at the network layer well.
     In DONA, data naming is self-certifying. Relieved of the burden of securing a path or setting up a PKI, the network can focus on maximizing persistence and availability.
     In this thesis, virtual router technology is used to implement the data routing module, which makes DONA more flexible and easy to deploy in the current network environment.
     Finally, NS2 is used to simulate and evaluate the performance of data transmission in the DONA network, and PlanetLab is used to measure the load on the virtual router implementing the RH. Using Internet data, we analyze the feasibility of deploying DONA on the current Internet, to prove that DONA is the future of the Internet.
