NetworkAnnotations

From RAD Lab

Revision as of 06:10, 2 March 2006

Cross Layer Network Annotations

People

  • Students:
    • George Porter
    • Rodrigo Fonseca
  • Faculty:
    • Randy Katz
    • Scott Shenker
    • Ion Stoica

Summary

In the original design of the Internet, almost all of the complexity was at the end hosts, while the core implemented only a simple best-effort packet routing service. This basic service model has since been pushed to its limits in many respects, because many new requirements have emerged: complex routing and security policies, very different link types such as wireless and optical, and the need for higher performance and quality of service. Correspondingly, many enhancements have been proposed that require more functionality from the network. These include mechanisms for improving performance, such as XCP and TCP FastStart, and for adapting TCP to wireless links (ELN, CETEN); mechanisms for scalable QoS, such as SCORE; and mechanisms for increasing security, such as IP Traceback and SIFF. While very different in nature, all of these share the need for some form of signalling between different nodes along the path, as well as across different layers of the network stack. There is, however, no general mechanism that allows this communication to take place, and each problem has so far been addressed with its own ad-hoc solution.

We are investigating 'annotations' as this general mechanism for cross-layer and cross-node communication. We wish to provide the abstraction of a "scratchpad" where different layers at different nodes can put and get information. We divide the problem into two aspects: how to encode this information in IP packets, and how to achieve cross-layer signalling within a node. For the first part, we have shown in a measurement study that IP options are not a viable solution, and we have a prototype for router-transparent annotations. For the second part we are exploring several alternatives. The challenge lies in creating the right operating system abstractions that allow different layers to communicate with each other, even when data units are fragmented and aggregated.

We give two specific examples of how this annotation channel may be useful. The first concerns TCP performance over wireless links. As is well known, TCP reduces its congestion window at the sender when it sees packet drops, on the assumption that most loss is due to congestion. This assumption fails for wireless links, where many losses are due to corruption. A substantial body of work shows that if the sender knows this, it can adjust its congestion window accordingly and greatly improve performance. However, this information is available at a different node (the wireless access point) and at a different layer (the link layer) than the sender. If the wireless access point can annotate some of the packets with the loss rate recently observed on its link, and this information is reflected back to the sender's TCP process, the sender can act appropriately.

A second example is the enforcement of security policies on an enterprise network. Suppose a server administrator wants to enforce the rule that packets arriving from an external network must pass through a layer-7 firewall, while internal packets need not. Normally, such policies are implemented by physically constraining the network topology so that only certain paths exist. However, unexpected topology changes as links go up or fail may create policy violations that are very hard to detect. We propose a simple use of packet annotations that makes enforcement of the server policy resilient to network changes. The ingress routers of the network mark external packets as coming from the outside. Eventually these packets pass through the firewall, which signs them if it deems them safe. The server can then check that every external packet carries the firewall's signature, and act on the packets that fail the check. For the check to be meaningful, the signature must be verifiable by the server and unforgeable by outside hosts, and the ingress routers must overwrite any annotation that arrives from outside; otherwise an external host could mark its own packets as already checked. The key aspect is that even if a network administrator introduces a link that would violate the desired server policy, an alarm can easily be generated.
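The scratchpad abstraction and the server-policy check above, written out as an added example that is not part of the original page or of the RAD Lab prototype: annotations travel as a key/length/value scratchpad that every hop decodes, reads, writes and re-encodes. The page does not describe the router-transparent encoding, so the TLV layout, the key numbers, the shared firewall/server key, the addresses and the "ATTACK" payload token are all assumptions made here. The ingress router discards any scratchpad arriving from outside and marks the packet external, the firewall signs the packets it passes with an HMAC over the packet's invariant fields, and the server raises an alarm for any external packet without a valid signature, including one that reached it over an unexpected link that bypasses the firewall.

```python
import hashlib
import hmac
import struct

# Annotation keys: hypothetical numbering chosen for this example, not from the page.
KEY_EXTERNAL = 1  # put by the ingress router: packet entered from an external network
KEY_FW_SIG = 2    # put by the layer-7 firewall: MAC over the packet's invariant fields
FW_KEY = b"example-firewall-key"  # hypothetical secret shared by firewall and server
OUTSIDE, INSIDE, SERVER = "203.0.113.7", "10.0.0.9", "10.0.0.5"  # constructed addresses


class Packet:
    def __init__(self, src, dst, payload, annotations=None):
        self.src, self.dst, self.payload = src, dst, payload
        self.annotations = dict(annotations or {})  # the scratchpad

    def put(self, key, value):
        self.annotations[key] = value

    def get(self, key, default=None):
        return self.annotations.get(key, default)

    def invariants(self):
        # What a signing hop binds: fields that do not change en route, plus a payload digest.
        return f"{self.src}|{self.dst}|".encode() + hashlib.sha256(self.payload).digest()


def encode_scratchpad(annotations):
    """Serialise annotations as key(1 byte), length(1 byte), value TLVs."""
    out = b""
    for key, value in sorted(annotations.items()):
        if not (0 <= key < 256 and len(value) < 256):
            raise ValueError("annotation does not fit the TLV encoding")
        out += struct.pack("!BB", key, len(value)) + value
    return out


def decode_scratchpad(blob):
    """Inverse of encode_scratchpad; rejects truncated TLVs."""
    annotations, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header")
        key, length = struct.unpack("!BB", blob[i:i + 2])
        i += 2
        if i + length > len(blob):
            raise ValueError("truncated TLV value")
        annotations[key] = blob[i:i + length]
        i += length
    return annotations


def transmit(pkt):
    """One link hop: the scratchpad crosses the wire only through its encoding."""
    return Packet(pkt.src, pkt.dst, pkt.payload, decode_scratchpad(encode_scratchpad(pkt.annotations)))


def ingress_router(pkt):
    # Drop whatever scratchpad arrived from outside (an external host must not be able
    # to pre-fill a signature), then mark the packet as external.
    pkt.annotations = {KEY_EXTERNAL: b"\x01"}
    return pkt


def firewall(pkt, key=FW_KEY):
    # Toy layer-7 check: the constructed token "ATTACK" stands in for a blocked request.
    if b"ATTACK" in pkt.payload:
        return None  # dropped, never signed
    pkt.put(KEY_FW_SIG, hmac.new(key, pkt.invariants(), hashlib.sha256).digest()[:16])
    return pkt


def server_check(pkt, key=FW_KEY):
    """Server policy: an external packet is accepted only with a valid firewall signature."""
    if pkt.get(KEY_EXTERNAL) is None:
        return "accept-internal"
    sig = pkt.get(KEY_FW_SIG)
    if sig is None:
        return "alarm-bypassed-firewall"
    expected = hmac.new(key, pkt.invariants(), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(sig, expected):
        return "alarm-bad-signature"
    return "accept-external"


def external(payload, annotations=None):
    # Constructed external packet after its first hop: outside host -> ingress router.
    return ingress_router(transmit(Packet(OUTSIDE, SERVER, payload, annotations)))


def run_scenarios():
    results = {}
    # Intended path: outside -> ingress -> firewall -> server
    results["through_firewall"] = server_check(transmit(firewall(external(b"GET / HTTP/1.1"))))
    # Unexpected link: outside -> ingress -> server, the firewall never sees the packet
    results["bypass_link"] = server_check(transmit(external(b"GET / HTTP/1.1")))
    # Same bypass, but the outside host pre-filled a forged signature; ingress discarded it
    results["forged_signature"] = server_check(transmit(external(b"GET / HTTP/1.1", {KEY_FW_SIG: b"\x00" * 16})))
    # Payload changed after signing, e.g. by a hop between firewall and server
    tampered = transmit(firewall(external(b"GET / HTTP/1.1")))
    tampered.payload = b"GET /admin HTTP/1.1"
    results["tampered_after_firewall"] = server_check(tampered)
    # Internal traffic carries no ingress mark, so no firewall signature is required
    results["internal"] = server_check(transmit(Packet(INSIDE, SERVER, b"GET / HTTP/1.1")))
    # The firewall drops, rather than signs, a request it deems unsafe
    results["blocked_by_firewall"] = "dropped" if firewall(external(b"ATTACK")) is None else "passed"
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24s} {outcome}")
```

The server never needs to know the topology: it only needs the firewall's key and the two annotations, so a new link that routes external traffic around the firewall shows up as `alarm-bypassed-firewall` on the first packet that takes it. Binding the signature to the payload digest also catches modification between the firewall and the server, which a bare "checked" flag would not.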

We envision other applications as well, such as tracing requests through a composed, multi-tiered application, using annotations to implement network packet witnessing, and encoding the relative importance of each packet in a video stream. We view the ability to provide this abstraction for communication between different layers at different nodes as an important enabler for future networked applications.