Unreliable inter process communication in Ethernet: Migrating to RINA with the shim DIF

Sander Vrijders, Dimitri Staessens, Didier Colle, Mario PickavetGhent University – iMindsEleni Trouva, Eduard Grasai2CAT John Day, Lou ChitkushevBoston University

20/04/23 1

Communication between application processes Not to be confused with communication between

interfaces TCP/IP !!!

Basic premise: All networking is inter process communication and IPC only

All communication goes through three phases: Enrollment Flow allocation Data transfer

20/04/23 2

Enrollment

Creates/maintains/distributes/deletes the information within a layer that is needed to create instances of communication

Often ignored in the current internet architecture Addresses, maximum packet size, … More well-formed enrollment phases in IEEE

802.11 (WiFi) and IEEE 802.1q (VLAN)

20/04/23 3

Flow allocation

Creates/maintains/deletes the shared state between connection endpoint-ids necessary to support the functions of the data transfer phase

For unicast: between 2 communication processes

Also often ignored, forgotten Without a flow allocation phase, all Protocol

Data Units (PDUs) are implicitly accepted

20/04/23 4

Data transfer

The actual sending of data In the current architecture the other phases are

often skipped Immediately skipping to data transfer causes

unreliable inter process communication

20/04/23 5

Examining the Ethernet Header

Ethernet II: specification released by DEC, Intel, Xerox (hence also called DIX Ethernet)

20/04/23 6

Preamble MAC dest MAC src 802.1q header (optional)

Ethertype Payload FCS Interframe gap

7 bytes 6 bytes 6 bytes 4 bytes 2 bytes 42-1500 bytes

4 bytes 12 bytes

Examining the Ethernet header

IEEE 802.3 Frame

Combined with IEEE 802.2 (LLC)

20/04/23 7

Preamble MAC dest MAC src 802.1q header (optional)

Length Payload FCS Interframe gap

7 bytes 6 bytes 6 bytes 4 bytes 2 bytes 42-1500 bytes

4 bytes 12 bytes

DSAP SSAP Control Information

1 byte 1 byte 1-2 bytes M bytes (M>=0 )

Ethertype

Identifies the syntax of the encapsulated protocol

Layers below need to know the syntax of the layer above

Layer violation! Same for the protocol id in the IPv4 header

20/04/23 8

Consequences of using an Ethertype

Also means only one flow can be distinguished between an address pair

The MAC address doubles as the connection endpoint-id

20/04/23 9

Same problem with LLC?

Source and Destination Service Access Points (SAPs) are the connection endpoint-ids

Allow for more than one flow to be distinguished between two communicating nodes

Still fixed endpoints All traffic will still be accepted

20/04/23 10

Recursive InterNet Architecture (RINA)

New internetwork architecture Unified theory of networking A layer = a distributed application that provides

IPC over a certain scope, called a Distributed IPC Facility (DIF)

Recurse as much as needed Can be configured to a certain policy

20/04/23 11

Architectural model

DIF

System (Host)

IPC Process

Shim IPC Process

MgmtAgemt

System(Router)

Shim IPC Process

Shim IPC Process

IPC Process

MgmtAgemt

System(Host)

IPC Process

Shim IPC Process

MgmtAgemt

Appl. Process

Shim DIF over TCP/UDP

Shim DIF over Ethernet

Appl. Process

IPC API

Data Transfer Data Transfer Control Layer Management

SDU Delimiting

Data Transfer

Relaying and Multiplexing

SDU Protection

Transmission Control

Retransmission Control

Flow Control

RIB Daemon

RIBRIB CDAP Parser/Generator

CACEP Enrollment

Flow Allocation

Resource Allocation

Forwarding Table Generator

Authentication

State

Vec

tor

State

Vec

tor

State

Vec

tor

Data Transfer Data Transfer

Transmission Control

Transmission Control

Retransmission Control

Retransmission Control

Flow ControlFlow Control

IPC Resource

Mgt.

Inter DIF Directory

SDU Protec

tion

Multiplexing

IPC Mgt. Tasks

Other Mgt. Tasks

Application Specific Tasks

Increasing timescale (functions performed less often) and complexity

Recursive InterNet Architecture

Recognizes the three phases all communication goes through!

Other advantages of RINA: Inherent support for QoS Multihoming and mobility More secure

20/04/23 13

Flow allocation in RINA

20/04/23 14

Application A performs a flow allocation request Application B responds to this request

Accept Deny

If positive reply, a flow is created: Port-id is assigned for further reference Connection (with CEP-id) is maintained in lower layer

while there is active data transfer

After flow allocation

20/04/23 15

Flow allocation in TCP/IP

UDP has the same problem as Ethernet No flow allocation “Well-known ports” security risk Either manual configuration needed for flow allocation Or use of other protocols (for instance SIP)

TCP has an incomplete flow allocation phase But, overloads the uses of the TCP port (port-id and

CEP-id) another security risk So, no decoupling of the flow allocation (port-id) and

data transfer phase (CEP-id)

20/04/23 16

Shim IPC process for 802.1q

Interfaces a new model to a legacy implementation shim

Allows RINA DIFs to use it unchanged Only provides the capability of a legacy layer Simulates flow allocation

20/04/23 17

Shim IPC process over 802.1q

Spans a single Ethernet segment VLAN id is shim DIF name: joining the VLAN is

considered enrolling in the shim DIF Uses Ethernet II: Only one user of the shim DIF Reuses the Address Resolution Protocol (ARP)

In RINA knowing which application is available at what address(es) is part of enrollment

For DIFs with small scope it can be part of flow allocation, just broadcast the allocate request

20/04/23 18

Placement of the different PMs

20/04/23 19

State diagram

20/04/23 20

Conclusion

Creating the shim DIF over Ethernet reveals something about the nature of layers

For reliable inter process communication, three phases have to be present

Port-id and CEP-id have to be decoupled! Port-ids seem to be a necessity for a clean

separation of layers

20/04/23 21

Questions ?

20/04/23 22

Sander Vrijderssander.vrijders@intec.ugent.bewww.ibcn.intec.ugent.beInternet Based Communication Networks and Services (IBCN)Department of Information Technology (INTEC)Ghent University - iMinds