IETF Logo Mail Archive

Re: [icnrg] updated cisco packet format draft

Andrea Detti <andrea.detti@uniroma2.it> Fri, 09 January 2015 18:26 UTC

Return-Path: <andrea.detti@uniroma2.it>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64B7A1A87E4 for <icnrg@ietfa.amsl.com>; Fri, 9 Jan 2015 10:26:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.33
X-Spam-Level:
X-Spam-Status: No, score=-2.33 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SfP96k7JcpVC for <icnrg@ietfa.amsl.com>; Fri, 9 Jan 2015 10:26:39 -0800 (PST)
Received: from smtp.uniroma2.it (smtp.uniroma2.it [160.80.6.23]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EF031A009E for <icnrg@irtf.org>; Fri, 9 Jan 2015 10:26:37 -0800 (PST)
Received: from smtpauth.uniroma2.it (smtpauth.uniroma2.it [160.80.6.47]) by smtp.uniroma2.it (8.13.6/8.13.6) with ESMTP id t09IBF3n011945 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 9 Jan 2015 19:11:16 +0100
Received: from [192.168.0.12] (ppp-128-176.25-151.libero.it [151.25.176.128]) (authenticated bits=0) by smtpauth.uniroma2.it (8.14.3/8.14.3/Debian-9.4) with ESMTP id t09IQPiQ030466 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 9 Jan 2015 19:26:25 +0100
Message-ID: <54B01D51.7090704@uniroma2.it>
Date: Fri, 09 Jan 2015 19:26:25 +0100
From: Andrea Detti <andrea.detti@uniroma2.it>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: David Oran <daveoran@orandom.net>
References: <54AC4625.1050308@cisco.com> <54AE4CB7.80002@uniroma2.it> <54AEAE17.1060801@cisco.com> <02C7F94B-9821-4095-B865-F26DF3C50762@parc.com> <54AFADBE.3090309@uniroma2.it> <76302941-FCC9-4FC1-8FE0-AC18714242EC@orandom.net>
In-Reply-To: <76302941-FCC9-4FC1-8FE0-AC18714242EC@orandom.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-MailScanner-From: andrea.detti@uniroma2.it
Archived-At: <http://mailarchive.ietf.org/arch/msg/icnrg/QiHCw6kt9wX1mmt4vonNpXlvreg>
Cc: icnrg@irtf.org
Subject: Re: [icnrg] updated cisco packet format draft
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 18:26:43 -0000

I agree on all your points.

Consequently, I see two choices in front of us before to think to use 
ICN in the global scale:

1) either we found a reasonable way to scale the routing by object name 
(including mobility and multi-destinations/multi-sources cases);
2) or we found a reliable and secure translation mechanism.

Which of two will require less effort?

I do not know :-)

Andrea



On 01/09/2015 06:21 PM, David Oran wrote:
> While we may be forced into doing something like this ultimately, every time you introduce a level of indirection via some kind of translation function, you dramatically increase the attack surface against the system. Not only do you have to secure the input and the output values in the packets, you also have secure the translations against spoofing and the service that performs the translation against the full panoply of vulnerabilities.
>
> Routing hints are particularly tricky. I recall a proposal for NDN routing hints that was presented at a recent NDN retreat that looked superficially clever, but collapsed in a heap of security problems after a few hours of scrutiny.
>
> Invalidation of mappings is also quite delicate for routing systems where the expectations of routing disruption durations are much shorter than say, name mapping disruptions in systems like DNS due to translation cache TTLs.
>
> One thing that makes routing hints (as opposed to name->name translations) particularly tricky for NDN/CCN-like architectures is doing them in a way that does not break or substantially constrain multi-destination delivery. It’s much easier to do this with single-destination delivery - one example of a full-worked scheme is the LISP mapping service for IP.
>
> DaveO.
>
>
>> On Jan 9, 2015, at 2:30 AM, Andrea Detti <andrea.detti@uniroma2.it> wrote:
>>
>> On 01/08/2015 06:00 PM, Marc.Mosko@parc.com wrote:
>>> PARC will be releasing the next version of our working documents shortly, before the icnrg meeting.  We have for a while supported an Interest carrying a Payload field that can carry extended information that is not part of the name.  Intermediate nodes do not process the payload.
>>>
>>> If the payload can make a difference to a dynamic content publisher, then the requester must put a marker of the payload in the name — i.e. put the hash of the payload a a name component, or use a nonce.  This will allow proper multiplexing of different payloads in the name.
>>>
>> I see that this is a way to indicate to the router which is the part of the name that is relevant for the PIT/FIB purposes. And it sounds good to me, since it speeds up the lookup processes.
>>
>> However, let me pose a more general question: is it really "ICN mandatory" to use a component of the object name to forward?
>>
>> What we would lose, if we used the object name only for PIT and caching operations and (optionally) another "routing info" field completely decoupled from the name for FIB forwarding purposes?
>>
>> If we do not lose so much, why do not open an ICN 1.01 phase (2.0 was too ambitious ;-))  in which we recognize that routing by object name creates scalability problem in the large area, and so in these cases ICN can be helped by a plain old by routing by locator (aka routing info, routing hint, label, forwarding alias, etc.)?
>>
>> If this was obvious, probably it is now the right time to define such a TLV. Simirarily to KeyLocator we could define a ContentLocator that specifies a (or more) routable Name where it it is possible to found the object.
>>
>> I know that I am rediscovering the wheel since many other excellent projects/researchers before have predicted that, e.g.
>>
>> SAIL project 2010 – “Routing hints”
>>
>> S. Shenker, 2011 - Naming in content-oriented Architectures: “…the fetch-terms enable the routing system to more easily find the object”
>> http://www.icsi.berkeley.edu/pubs/networking/ICSI_namingincontentoriented11.pdf
>>
>> Presentation of D. Oran, 2011 - NDN and IP Routing: Can it scale? – “…Use a translation lookup to convert from content name to routing label(s)”
>> http://tools.ietf.org/group/irtf/trac/raw-attachment/wiki/icnrg/IRTF%20-%20CCN%20And%20IP%20Routing%20-%202.pdf
>>
>> Hermans et. al,  2012 - Global source mobility in the content-centric networking architecture- “Separate namespaces for identifier and locators”.
>> http://user.it.uu.se/~frehe489/publications/hermans12global.pdf
>>
>> L. Zhang, 2013 - Scaling NDN Routing: Old Tale, New Design, “Application names are used for caching and signature verification, while the forwarding alias, which reflects the service provider of the content producer, serves as a hint to routers about where the packet may be forwarded”
>> http://named-data.net/wp-content/uploads/2014/08/ndn-tr-4-scaling-ndn-routing.pdf
>>
>> N. Solis (PARC developer of CCNx 1.0), presentation at CCNxCon 2013 – Ordered-Element Naming (OEN), “I presented a matching system with order of preference based on labels (which included hashes of content)”
>> http://www.ccnx.org/events/ccnxcon-2013/
>>
>>      
>> Regards,
>>
>> Andrea
>>> It is not mandatory that applications do this — some data might rightly belong in the name.
>>>
>>> Using this method relieves the forwarding plane from having to process and store in the PIT large names that make no difference in routing.  It also means that the potentially large payload does not need to be echoed back to the client in the response name.
>>>
>>> The previous PARC spec is at
>>> http://www.ccnx.org/pubs/ccnx-mosko-tlvmessages-02.html
>>> .  It will be updated in the next day or so and we will send an email to the list.
>>>
>>> Marc
>>>
>>> On Jan 8, 2015, at 8:19 AM, Mark Stapp
>>> <mjs@cisco.com>
>>>   wrote:
>>>
>>>
>>>> On 1/8/15 4:24 AM, Andrea Detti wrote:
>>>>
>>>>> Dear Mark,
>>>>>
>>>>> I found rather interesting this question
>>>>>
>>>>> "Is it really necessary to continue to force all of the information in
>>>>> Interests into the Name?  Wouldn't it be clearer to use the Name only
>>>>> for publisher/routing info, object name info, and segment/sequence number?"
>>>>>
>>>>> and wonder ICN community think about that. Especially with respect to
>>>>> the routing info.
>>>>>
>>>>>
>>>> That specific question has been open for quite a long time - not really in the routing context however. One position has been that Interests carry "only" a name, and therefore all application-specific data must be in the name. Now in fact Interests have been permitted to carry several additional "meta" items - such as filters/selectors (another open topic) and timeout values. Another position asks whether there are types of application-specific data that could also be carried outside the Interest name. We've asked whether REST-ful application state transfer might be one example.
>>>>
>>>>
>>>>> I see a scalability problem with the ICN routing plane,
>>>>>
>>>> yes, of course - that's a very long-standing problem.
>>>>
>>>> especially when
>>>>
>>>>> objects are multi-sourced (same object on my PC and on my phone) and
>>>>> objects are provided by mobile devices.  This framework could be the
>>>>> norm in the future.
>>>>>
>>>> that's ... certainly an assertion I've heard before, but "could be" is about as strong as it gets. there are a lot of questions about whether encapsulation mechanisms, or "name resolution" mechanisms, or some other mechanisms will be needed to deal with the expected name scale, whether or not there will be any significant of peer-to-peer communication. personally, I think it's highly unlikely that my phone will "publish" anything directly, but that's just another speculation really.
>>>>
>>>> at the moment, I'd be happy if there could be progress on even the most basic aspects of messaging - such as what names look like, something that seems truly fundamental.
>>>>
>>>> Thanks,
>>>> Mark
>>>>
>>>> _______________________________________________
>>>> icnrg mailing list
>>>>
>>>> icnrg@irtf.org
>>>> https://www.irtf.org/mailman/listinfo/icnrg
>>> _______________________________________________
>>> icnrg mailing list
>>>
>>> icnrg@irtf.org
>>> https://www.irtf.org/mailman/listinfo/icnrg
>>>
>>>
>>>
>> _______________________________________________
>> icnrg mailing list
>> icnrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/icnrg
>

v2.23.0 | Report a Bug | By Email