Forwarding-label Support in CCN Protocol “draft-ravi-forwarding-label-

00.txt”

Ravi Ravindran, Asit Chakraborti (Huawei)Mark Mosko, Ignacio Solis

(PARC)

Agenda• Motivation• Forwarding label Mgmt• On the Wire• Forwarding-label Processing• PIT Implications• Cache Implications• Multi-Domain Scenario• Security Considerations• Use Case Scenario

– Producer Mobility– Securing forwarding-label– Example– Simulation Results

Last Meeting

• We had proposed several wire format affecting considerations– Forwarding Label– Interest Notification– Elastic Payloads– Conversational Traffic– Context Handling

• Plan few drafts combining one or more of these topics– for this meeting we discuss forwarding-label.

Motivation for Forwarding-label• A name other than the one in the Interest message.• Modifiable in the network

– Allows Insert, Swap, Remove operations– Enables dynamism – mobility, caching, service migration etc.– A key difference from the ‘Links’ proposed in NDN [1].

• Useful for Several Scenario– Late-binding for Producer mobility [2]– Routing Scalability– Service Indirection– Multi-Protocol Support– Fast forwarding Interests [3]

• Depending on the use case scenario, the implication on PIT/CS/FIB operation is different.[1] Alexander Afanesyev, Cheng Yi et al, “Map-and-Encap for Scaling NDN Routing”, NDN Technical Report , NDN-004.

[2] Aytac Azgin, Ravi Ravindran, G.Q.Wang, “Scalable Mobility-Centric Architecture for Named data Networking”, IEEE, CCNC (SCENE Workshop), 2014[3] Mark Mosko, “CCNx Label Forwarding (CCNLF)”– PARC

Forwarding-Label Management• Forwarding-label can be inserted by applications or by the

network.– Routers needn’t trust application inserted labels.– Reasons of cache poisoning.

• Registration, Resolution System, Resolution Query process has to be secure.– More secure when it is limited to a single domain.

• This draft considers the case where Forwarding-label operation is handled within a single administrative boundary.

• Multiple administrative domains can federate, so that labels inserted by one can be trusted by another.

On the Wire

• This is considering CCNx1.0 proposal.• Proposed as Optional field in the option body of the fixed header• The type is of “Locator-Name”, Optional Security attributes includes information

for authentication and integrity check.• Future extension could include different types of forwarding-label

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Fixed Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | <Optional TLVs> | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | T_LOCATER_NAME | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (Name TLV ) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Optional Security Attributes | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

+----------------------------+------------------+-----------------+ | Forwarding-Label | Meaning | Value | +----------------------------+------------------+-----------------+ | Locater-Name | Identifies an | Name TLV| | | AS-ID/Gateway| | | | /Service Point | | +-----------------------------+------------------+----------------+

Forwarding -Label

FL Processing: FIB

• All forwarders process optional headers, follows the following processing rules.

• If FL is present, it should be preferred for FIB lookup instead of the Interest name.

• During FIB look-up, check if the locator-name exact matches a service name.– If ‘Yes’, the related service logic re-resolves the Interest name to another locater-

name, or decide to remove it and subject FIB processing based on the Interest name.

– If ‘No’, use longest prefix match to determine the next hop• Case of using multiple forwarding labels depends on the purpose it is

used for.– For e.g. in mobility it may help in multicasting Interests to the old and new

Attachement Point (AP)– This draft doesn’t deal with such scenarios, though there is potential usage of

such stacking.

FL Processing: PIT Processing• If the network service is such that multiple requests arrives at a

router cannot have different forwarding labels then FL needn’t be considered for PIT processing.

• If service leads to multiple requests with the same Interest name arriving at the router with different forwarding-labels.– The forwarding-label state is saved along with Interest name and other

metadata information.– While Interests can be aggregated, the new Interest should be forwarded

to meet the service requirements.• In another situation, the service expresses Interests with a name

with specific FL.– In this case FL is matched even in the reverse path with the Interest when

it is forwarded back.– In case if the labels are swapped, then the reverse path shall append the

right forwarding label in the content object.– One way to mitigate the cache poisoning problem

FL Processing: Cache Processing Implications

• Depends on the case considered in the PIT processing discussion.

• If Interests with the same name don’t carry different FLs, then CO processing follows the usual process.

• Similarly if Interests arrive with different FLs have only forwarding implications– Then the returned CO’s are not returned with the FL hence no

additional cache processing is required.• Caching implication exists if forwarding-label is required to

be piggybacked along with the content object.– In this case the Content Object is cached with the forwarding-

label, and used to match against the Interest’s FL for the future Interests too.

Multi-Domain Scenario• Use of forwarding-label by another domain

depends on the trust association between domains.

• It is useful, if labels assists with inter-domain routing, avoiding insertion/removal at the ingress/egress of every domain.

• If forwarding-label cannot be re-used, forwarding-label is removed at the domain boundaries and, and new label pushed, with appropriate security attributes.

Security Considerations

• Generally hop-by-hop fields are subjected to security issues as they are outside the Interest/Content-object security envelop.

• Forwarding-label security depends on the service using it. – The threat vector spans registration, mapping

system, resolution, and data-plane security.• We provide more details in the context of

producer mobility.

Use Case Scenario: Producer Mobility

• The study in [1] uses forwarding-label to support intra-/inter- session/domain producer mobility.

• Seamless mobility is enabled by signaling between attachment points, allowing late-binding using forwarding-label.

[1] Aytac Azgin, Ravi Ravindran, G.Q.Wang, “Scalable Mobility-Centric Architecture for Named data Networking”, IEEE, ICCCN (SCENE Workshop), 2014, http://arxiv.org/abs/1406.7049

Differentiating Mobile Flows

• Supporting mobility incurs cost, as it requires assistance from resolution service and incurs dataplane overhead.

• So differentiating flows which require mobility support is more efficient, alternatives:– Use Consumer Signalling to indicate Interest flow

requires mobility service support.– Use name prefix to identify such network service

invocation.

Using Forwarding-LabelName Resolution:• At the service edge router, the name resolution service is invoked which

maps the Interest name to a locater-name.FIB Operation:• The forwarding-label is inserted, and forwarded to the next hop.• The successive hops checks if the locator-name maps to itself. If yes, the

mobility service logic checks if the Interest name is registered locally.– If it is, then FIB processing is based on the Interest name– If it is not, then mobility logic re-resolves the interest name to a new FL and

forwards the Interest based on it.• Once the Interest reaches the foreign or home domain, the FL is swapped

to its current attachment point.• At the AP, if the mobile prefix is registered, it is forwarded towards the

appropriate BS.• If the mobile device has moved, then the AP inserts a new FL, and

forwards it to the new AP.

Using Forwarding LabelPIT Operation • In the mobility case, Interests with the same name could arrive with

different FL, due to device mobility.• Hence the FL should be saved in the PIT with the Interest name and new

Interests with different FL should be forwarded.

Caching Operation• For mobility, the objective is to use FL to guide the Interest to producer’s

new location without considering any binding with the name, hence the FL is not piggybacked with the CO.

Inter-domain Operation• Depending on the trust association between domains, the locater-name

can be used by another domain, especially if the inter-domain routing is enabled.

Name Resolution System• Handling mobility using FLs requires a name resolution system.• Centralized systems are hierarchical, so name registration in the

lower domain has to announced to the higher level where it can be resolved.– Requires agreement on names between the hierarchical layers, e.g.

DNS.• With CCN/NDN, decentralized systems can be realized. The

Interest name can Identify the resolution domain.– E.g. /Enterprise/Alice/Phone/Service can implicitly resolved at

/Enterprise/mobility-controller.– This relationship can be used by foreign domains to update the home

domain when a mobile device registers in its own domain.– Here the domains can potentially manage their own name space,

without a centralized management authority.

Example: Using FL for Producer Mobility

• Here the mobility service components in the edge routers and the AP participate in registering prefix, resolve Interest Name, and conduct forwarding label management functions.

• Once resolved, the edge routers can cache the entries to prevent further look-ups.

• If the mP moves from AP-x to AP-y during the session, AP-x updates the FL and forwards it to AP-y.

CCN Network CCN Network

Edge Service Routers

Local Mobility Controller

Local Mobility Controller

Prefix_Reg: /Att/mP/Shared-VideomP_App

FIB:/Att/mP/Shared-Video fx

fx

/Att/Mp/Shared-Video /Att/Mobility/sc /Att/sc/AP-1

C_App

Consumer Mobile Producer

2

1

Mobility Service

AP-Y

AP-X

Attachment Point

Mobility Service

Interest:{/Att/Mp/Shared-video}

3

Interest:{/Att/Mp/Shared-video} : FL=‘/Att/Mobility/sc’

45

Interest:{/Att/Mp/Shared-video} : FL=‘/Att/sc/AP-X’

APx updates FL.

Security Forwarding-Labels• Major Threats– (1) Malicious Interceptor (acting as a publisher) injecting

incorrect mapping into the system.– (2) Malicious Interceptor (between service edge router and

resolution server) manipulates the mapping sent back from the NRS to the edge router

– (3)Compromised Intermediate Router maliciously changing the forwarding-label.

• Security Mechanisms– (1) & (2) are similar to one applied for LISP-SEC and DNS-SEC– (3) requires new security techniques, one way is to enable

domain level trust infrastructure so that mapping between Interest name and forwarding-label can be authenticated by successive routers.

Performance Analysis• Simulated with ndnSIM (built on ns3)• Grid-based topologies (2x2, 3x3, 4x4 AS

topologies, each with 1 LC and 8 CRs)• Input parameters:

– Handover latency (50ms), link specs (10Mbps and 10ms), CBR traffic (20 pps)

– Randomly placed Consumer/Producer pair

• Performance comparison to Flooding and Semi-flooding

• Performance metrics of interest:– Session throughput (measures

transmission efficiency, impact of retransmissions and recovery latency after handovers)

– Recovery overhead (measures number of Interests transmitted per successfully received Data packet)

2x2 grid-based AS topology

LCLC

LCLC

ER

ER ER

ER

PoA

SR

Semi-flooding: Flood after handover, and after convergence use single path

Building Blocks for Fast Forwarding• Local Controller (LC) provides name to locator mappings

within each domain (by communicating with other LCs)• Fast Path Table (FPT), controls information flow in the

network, and addresses forwarding scalability by providing next essential hop mapping for each stored content name

• Forwarding Label guides packet forwarding based on the FPT entries and is integrated within each Interest packet

• Mobility Tags (or Flags) identify Mobility Service association with the Interests and alert certain nodes of location change to trigger updates (to acquire accurate location info)

Updated PDU formats with the inclusion of mobility tags and forwarding labels

Handover Frequency• Random waypoint mobility at constant or U(min,max) speed• Investigated highly mobile and unstable scenarios with handover

frequency of up to 0.5 (handovers/s)• 20-34% of handovers correspond to Inter-AS handovers

Session Throughput• 80% effective throughput (which can further be increased to more

than 90% by limiting retransmission attempts), with 35% improvement over Semi-Flooding

Network-wide Interest Rate• 5-12 (or 2-5) times improvement in global Interest transmission rate

when compared to Flooding (or Semi-Flooding)

Recovery Overhead• Overhead represents the ratio of the additional Interest packets

transmitted at the perceived throughput performance• 50-200 (or 5-20) times improvement in overhead when compared

to Flooding (or Semi-Flooding)

Scalability Analysis

• Scalability on the order of O(hlogN), where h represents node mobility and N represents network size– More scalable than flooding-based policies that

experience overhead increase on the order of O(N)

4AS→9AS / 4AS→16AS / 9AS→16AS

Flooding Semi-Flooding

Fast-Forwarding

Size: 2.25/4/1.78 &Dist: 1.11/1.22/1.1

2.3/4.1/1.8 1.4-1.8/2.2-2.8/1.3-1.6

1.2-1.4/1.5-1.7/1.2-1.3

Summary

• Forwarding-label can be used for multiple purposes.– The draft proposed a FL of type locater-name.

• Security mechanisms depends on its use, and should include registration, name resolution, data plane aspects.

• We discuss its usage for producer mobility.