P2P for the People Bringing Peer-to-Peer from the Laboratory into the Windows Operating System...
-
Upload
penelope-passe -
Category
Documents
-
view
218 -
download
0
Transcript of P2P for the People Bringing Peer-to-Peer from the Laboratory into the Windows Operating System...
P2P for the PeopleP2P for the PeopleBringing Peer-to-Peer from the Bringing Peer-to-Peer from the
Laboratory into the Laboratory into the Windows™ Operating SystemWindows™ Operating System
Sandeep K. Singhal, Ph.DProduct Unit ManagerWindows P2P and Collaboration TechnologiesMicrosoft [email protected]
© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Why Care About P2P?Why Care About P2P?Eliminate bottlenecks, Eliminate bottlenecks, improve scalabilityimprove scalability
Lower deployment costs Lower deployment costs and complexityand complexity
Faster data transmissionFaster data transmission
Support ad-hoc and Support ad-hoc and disconnected networksdisconnected networks
Better resilience – no single Better resilience – no single point of failurepoint of failure
Powerful social interactionsPowerful social interactions
Reduce Reduce Reliance on Reliance on ServersServers
Direct Client Direct Client ConnectionsConnections
P2P SystemsP2P Systems
A P2P Platform in A P2P Platform in Windows?Windows?Well-engineered, supported protocolsWell-engineered, supported protocols
Secure by default, scale without limits, Secure by default, scale without limits, no servers requiredno servers required
Let applications focus on end-user Let applications focus on end-user valuevalue
Platform does the heavy liftingPlatform does the heavy lifting
Simplify deploymentSimplify deploymentBroad reachBroad reach
Enterprise managementEnterprise management
Mar 2005Windows Vista
Beta 1
Sep 2006Windows Vista
RC1
May 2006Windows Vista
Beta 2
2006Windows Vista
Release
Windows VistaPeer Name Resolution Protocol (PNRP)P2P Graphing and GroupingPeer Identity ManagerP2P ContactsPeople Near MeServerless Presence and PublishingP2P Application Invitation
Windows Communication FoundationPeer Channel
Jul 2003P2P Toolkit
first released inAdvanced
NetworkingPack for
Windows XP SP1
Aug 2004P2P ToolkitIntegrated
intoWindows XP SP2
Windows XPPeer Name Resolution Protocol (PNRP)P2P Graphing and GroupingPeer Identity Manager
P2P in Microsoft WindowsP2P in Microsoft Windows
P2P Platform in Windows P2P Platform in Windows VistaVista
Addressing and Connectivity
Experiences
Identity and Naming
DiscoverySession Initiation
Multi-Party Comms
Application Services
IPv6IPv6
TeredoTeredoISATAPISATAP
6to46to4
P2P P2P Contacts Contacts
and and Auth.Auth.
P2P P2P name name
resolutioresolution (PNRP)n (PNRP)
E-mail E-mail address address name name
resolutioresolutionn
People People Near MeNear Me
ServerleServerless ss
Presence Presence and and
PublishiPublishingng
ApplicatiApplication on
InvitatioInvitationn
Overlay Overlay NetworkNetwork
ss
Message Message MulticasMulticas
t and t and Web Web
ServicesServices
Shared Shared DatabasDatabas
ee
ReplicatReplicated Filesed Files
App and App and Desktop Desktop SharingSharing
What Have We Learned?What Have We Learned?
Technology is hard
Ecosystem is complex
What is the “Internet”?What is the “Internet”?
In the lab…In the lab…Everything is connectedEverything is connected
Hundreds of hostsHundreds of hosts
Controlled environmentControlled environment
In reality…In reality…Partial connectivityPartial connectivity
Billions of hostsBillions of hosts
Rampant security Rampant security attacksattacks
Internet ConnectivityInternet Connectivity
NATsNATs
FirewallsFirewalls
Asymmetric linksAsymmetric links
Variable (and shared) bandwidthVariable (and shared) bandwidth
CostCost
IPv6IPv6
Ubiquitous addressingUbiquitous addressing128-bit address space128-bit address space
Automatic addressingAutomatic addressingBetter behavior on disconnected Better behavior on disconnected networksnetworks
Improved connectivityImproved connectivityTransition technologies such as TeredoTransition technologies such as Teredo
NAT MechanicsNAT Mechanics
Machine A10.1.1.1
Machine B10.1.1.2
Send request for web page to gateway box
1
Gateway creates the mapping for 157.1.1.1 and sends to the web
2
Web sends data back to port mapping at NAT
3
NAT looks up mapping and sends to Machine A
4157.1.1.1
NATNAT
TeredoTeredo
IPv6 tunneling inside IPv4 UDPIPv6 tunneling inside IPv4 UDP
Hosts get unique IPv6 addressHosts get unique IPv6 addressConstructed from public IPv4 Constructed from public IPv4 address/portaddress/port
Used by stack to construct UDP Used by stack to construct UDP “wrapper” around IPv6 packet“wrapper” around IPv6 packet
Transparent to applicationTransparent to applicationApplication programs to IPv6 address and Application programs to IPv6 address and has access to full protocol range, port has access to full protocol range, port range, etc.range, etc.
Teredo sessions automatically Teredo sessions automatically established on demandestablished on demand
v6 Service
Simple Teredo NAT Simple Teredo NAT TraversalTraversal
157.1.1.1
NATNAT
Send request to service, construct IPv6 address from public IPv4 address/port (e.g. XX:IPv4:port::/64)
1
Future traffic can be send directly to nodes
2
Machine AXX::9D01:101:460:XX
Machine CXX::AC01:101:464:XX
172.1.1.1
NATNAT
v6 Service
Complex Teredo NAT Complex Teredo NAT TraversalTraversal
157.1.1.1
NATNAT
Send request to service, construct IPv6 address from public IPv4 address/port (e.g. XX:IPv4:port::/64)
1
Send a bubble to the destination address to open the NAT mapping
2
Send the packet to relay for delivery to destination
3
Future traffic can be send directly to nodes
5
Machine AXX::9D01:101:460:XX
Machine CXX::AC01:101:464:XX
172.1.1.1
NATNAT
Send a response to create a mapping in the NAT
4
The Internet is BigThe Internet is Big
GoalGoalOne billion active nodes in active P2P One billion active nodes in active P2P systemssystems
Example: Peer Name Resolution Protocol Example: Peer Name Resolution Protocol (PNRP), specialized DHT for serverless (PNRP), specialized DHT for serverless name resolutionname resolution
ChallengeChallengeInternet impact is potentially hugeInternet impact is potentially huge
One billion nodes, each at 1 bps sent One billion nodes, each at 1 bps sent inefficiently…inefficiently…
““Small beta”: Millions…Small beta”: Millions…
QuestionsQuestions
CorrectnessCorrectnessAre there bugs?Are there bugs?
Will it scale and work in complex network Will it scale and work in complex network topologies? topologies?
Have we introduced regressions?Have we introduced regressions?
CharacterizationCharacterizationHow much client / router bandwidth will it How much client / router bandwidth will it use?use?
How much backbone bandwidth will it How much backbone bandwidth will it use?use?
How long does an operation take?How long does an operation take?
Can we make it better?Can we make it better?
WiDS is Distributed WiDS is Distributed SimulationSimulation
WiDS
Agent
Node 1
Node N
Node 2
Slave1
Controller
Slave2 SlaveNMaster
Agent
Node 1
Node N
Node 2
Agent
Node 1
Node N
Node 2
SimulationSimulation
Design and implementationDesign and implementationDiscovered protocol behaviors that Discovered protocol behaviors that only become visible at scaleonly become visible at scaleFound implementation crashes and Found implementation crashes and race conditions that only occur at race conditions that only occur at scalescale
Deep understanding of bandwidth Deep understanding of bandwidth useuse
Background trafficBackground trafficActive trafficActive trafficTestbed for optimizationsTestbed for optimizations
Security modeling and analysisSecurity modeling and analysis
• 2 million nodes on 250 machines2 million nodes on 250 machines• Internet latency mapsInternet latency maps• Different node behaviorsDifferent node behaviors
What Can’t We Do (Yet)What Can’t We Do (Yet)
Validate the Validate the entireentire real stack real stackProduction code uses Winsock, not Production code uses Winsock, not messagesmessages
Validate system behavior with Validate system behavior with complex network factors like Teredocomplex network factors like Teredo
Integrate simulation with our Integrate simulation with our automated test systemsautomated test systems
Simulations are still slowSimulations are still slow
Hard LessonsHard Lessons
Simulation runs fail…Simulation runs fail…Floor buffers throw circuit breakersFloor buffers throw circuit breakers
Power supplies failPower supplies fail
Software has bugsSoftware has bugs
… … but you have to work around itbut you have to work around itSeparate failed machines from runSeparate failed machines from run
Run goes onRun goes on
Debug the failure off-lineDebug the failure off-line
Simulation-based testing and debugging Simulation-based testing and debugging processprocess
Automate everything possible to minimize Automate everything possible to minimize simulation run turnaround time and human simulation run turnaround time and human errorerror
SecuritySecurity
What’s wrong with this What’s wrong with this picture?picture?
Is this better?Is this better?
200200
800800
450450
500500
350350200200
800800
450450
500500
350350
Common P2P AttacksCommon P2P Attacks
Packet dropsPacket drops
Packet injectionPacket injection
Packet modification or mis-routingPacket modification or mis-routing
Packet delayPacket delay
TopologicalTopological Distributed
Anonymous
Mobile At surface, like normal Internet behavior
Our ApproachOur Approach
Detailed threat modelingDetailed threat modelingIdentify “resources” critical to systemIdentify “resources” critical to system
Determine system entry pointsDetermine system entry points
Analyze impact and mitigationsAnalyze impact and mitigations
Formal security analysisFormal security analysis
SimulationSimulation
Penetration testingPenetration testing
Confirm mitigationsConfirm mitigations
What Have We Learned?What Have We Learned?
Design security into Design security into the system corethe system core
PNRP names are cryptographically signed
Flower-petal rather than chained resolves
Check integrity of “leaf” nodes in routing tables
Shuffle neighbor links, create redundant routes
Link creation of Link creation of value to network value to network loadloadValidate system-Validate system-critical resourcescritical resources
Aggressive use of Aggressive use of randomizationrandomization
Examples
Security affects performanceSecurity affects performance
The choice is usually clearThe choice is usually clear
Technology Is Not Technology Is Not Enough!Enough!
The market must see the The market must see the value!value!
Market Perception of P2PMarket Perception of P2P
P2P is a potentially P2P is a potentially interesting new interesting new technologytechnology
No legitimate useNo legitimate use
P2P apps poorly P2P apps poorly engineeredengineered
InsecureInsecure
Poor traffic engineeringPoor traffic engineering
Apps are hard to writeApps are hard to writeMany toolkits with Many toolkits with limited distributionlimited distribution
No standards, common No standards, common programming models, programming models, etc.etc.
Unproven at scaleUnproven at scale
Hard to deployHard to deploy
Wikipedia
File sharing software
P2P development toolkits/forums
DieRIAA to protect file sharing rights
Wikipedia
File sharing software
P2P development toolkits/forums
P2P United to protect file sharing rights
Can P2P Provide Value?Can P2P Provide Value?Windows Meeting SpaceWindows Meeting SpaceEffective in-person meetingsEffective in-person meetings
File exchange and replicationFile exchange and replication
Screen/app sharingScreen/app sharing
Note passingNote passing
Why P2P?Why P2P?Easy to deploy and useEasy to deploy and use
Use anywhere, even without Internet Use anywhere, even without Internet connectivityconnectivity
ResilienceResilience
HoweverHoweverSecureSecure
Manageable by enterprise network policyManageable by enterprise network policy
DemoDemo PNRP (Internet Machine PNRP (Internet Machine Names)Names)
Windows Meeting SpaceWindows Meeting Space
Potential ScenariosPotential Scenarios
CommunicationCommunicationInstant messagingInstant messagingVoice, VideoVoice, Video
CollaborationCollaborationProject workspacesProject workspacesFile sharingFile sharingGamingGamingSynchronizationSynchronization
Content DistributionContent DistributionSports scores, weather, news, stock tickers, RSSSports scores, weather, news, stock tickers, RSSFile bulk transfer, streamed media, live contentFile bulk transfer, streamed media, live content
Typical ObjectionsTypical Objections
P2P does not bring enough value P2P does not bring enough value (especially relative the risk)!(especially relative the risk)!
I know how to deploy servers, why I know how to deploy servers, why learn something new?learn something new?
How do I control it?How do I control it?
How will I monitor it?How will I monitor it?
How can I provision my network?How can I provision my network?
What Have We Learned?What Have We Learned?
P2P adoption will be driven by P2P adoption will be driven by legitimate applications that legitimate applications that add end-add end-user valueuser value
Enterprises and ISPs desire Enterprises and ISPs desire predictable network behaviorpredictable network behavior
As with all things, P2P must be As with all things, P2P must be manageablemanageable
By policy within the enterpriseBy policy within the enterprise
ISPs… ISPs… And… there remains much to do…And… there remains much to do…
Call to ActionCall to Action
P2P researchP2P researchHelps reduce Internet complexityHelps reduce Internet complexity
Ubiquitous transparent end-to-end Ubiquitous transparent end-to-end connectivityconnectivity
Robust and secure systemsRobust and secure systemsHow to balance security, usability, and How to balance security, usability, and performanceperformance
Help make adoption easierHelp make adoption easierMonitoring and control of P2P traffic, quality Monitoring and control of P2P traffic, quality of serviceof service
Models for bandwidth, latency, and costModels for bandwidth, latency, and cost
Applications that bring P2P to the Applications that bring P2P to the PeoplePeople
ResourcesResourcesWeb sitesWeb sites
Windows Peer-to-Peer Networking: Windows Peer-to-Peer Networking: www.microsoft.com/p2pwww.microsoft.com/p2pIPv6 and Teredo: IPv6 and Teredo: www.microsoft.com/ipv6www.microsoft.com/ipv6Windows Vista SDK: Windows Vista SDK: windowssdk.msdn.microsoft.comwindowssdk.msdn.microsoft.com(go to Networking->Network Communication)(go to Networking->Network Communication)
NewsgroupsNewsgroupsmicrosoft.public.win32.programmer.networks microsoft.public.win32.programmer.networks microsoft.public.platformsdk.networkingmicrosoft.public.platformsdk.networkingmicrosoft.public.windows.developer.winfx.indigomicrosoft.public.windows.developer.winfx.indigo
BlogsBlogsblogs.msdn.com/kevin_ransomblogs.msdn.com/kevin_ransomblogs.msdn.com/peerchanblogs.msdn.com/peerchanblogs.msdn.com/raviraoblogs.msdn.com/raviraoblogs.msdn.com/tparksblogs.msdn.com/tparks
Platform questions, comments, and feedbackPlatform questions, comments, and [email protected]@microsoft.com
Research partnerships, job inquiries, ISVs, and questionsResearch partnerships, job inquiries, ISVs, and [email protected]@microsoft.com
© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.