In our Computer Communications course, we were asked to present a SIGCOMM paper and write a report about it. We chose this paper, Named Data Networking. The paper is a summary of all the work done on Named Data Networking.
This is our report. We had limited time to write this paper, so I can consider it incomplete. It could have been better. It could give more information and more sophisticated points of view about NDN. Regardless, it was good work on NDN.
We chose this paper because it presents a new way of thinking about computer networking. We don’t want to take the paper’s results and simply accept them. We wanted to examine its results, and we will continue to examine them. This concept asks philosophical questions about computer networking: what computer networking is, and how it should be modeled and implemented to get a stable, generalized, efficient and long-lasting internet architecture. At this time, questions are more important than answers, because NDN is a concept, not a worldwide implemented architecture. Thus, NDN’s questions can bring us to new results and new concepts about computer networking.
In the presentation, we covered the main concepts of NDN instead of digging into it, because IP-less networking and centering on the content are powerful ideas that cannot be understood in 15 minutes (the father of the idea, Van Jacobson, has a 4-hour presentation about this concept while presenting CCN/NDN). As we researched the concept, we bumped into different sides of these main concepts. (For example, IP networking has a source address and a destination address, whereas an NDN Interest packet has only the concept of a destination address. We considered different sides of this problem. How will the answer packet return if there is no source address? How do routers handle the packet? When returning data, will the same route be used? Is it a must?) We didn’t have time to dig into these considerations in the presentation.
Van Jacobson, who has made many contributions to today’s networks, presented his new idea as Content Centric Networking in 2006. The main focus of today’s networking is hosts bound to IP addresses. CCN’s idea is to change this focus to the data itself. Van Jacobson’s view is that there are unnecessary layers. IP addresses and ports have many side effects on today’s applications and their data traffic. Mobile applications are bound to IP addresses: if the IP address changes while moving, the connection is lost, because connections are between a server and a client. On the server side, system administrators have to deal with IP networking mechanisms to apply load balancing, such as failover and high-availability implementations. The network architecture just pipes the connection; it does not acknowledge or manage what is inside it. The main single point of failure in today’s networking applications is the connection: the TCP/IP architecture itself, the server-client architecture. Van Jacobson suggests a new architecture model that fits today’s networking needs.
The model is: the client just states what it wants, which the protocol calls an “interest”. The client sends interests and the network brings the data to the client. The client doesn’t connect to a client. The network is drawn as a cloud in many diagrams; it is a de facto standard. Thus, we name the model the client-cloud model.
To dig into what really happens in the network: the network actually pipes the data as well. It will go to an endpoint device. However, an NDN network has many more abilities than today’s network. It can classify data, manage data independently of the source, and drop data. This gives network administrators more manageability options. These are the main objectives of the structure.
The NDN architecture calls clients “consumers” and servers “producers”.
The first main idea of CCN/NDN networking is the model described in the paragraphs above. The second main idea of CCN is IP-less networking: there is no need for DNS-to-IP conversion. This idea simplifies the main network structure. DNS-to-IP conversion makes addressing complex. This complexity lets attackers attack the addresses and serve their own data. For example, the “.tr” DNS servers were hacked by a Turkish white-hat hacker, and he changed the IP addresses of www.google.com.tr, www.microsoft.com.tr and other “.tr” domain addresses of some big companies. He hacked many “.tr” domains without hacking Google’s servers, Microsoft’s servers or the servers of any other .tr domain. If he could manage it, he could man-in-the-middle (MITM) the traffic of any “.tr” DNS servers, such as the traffic of a Turkish bank, and steal a great deal of credit card information. Addressing complexity creates network and application manageability problems and gives attackers the opportunity to attack the addresses.
CCN/NDN addresses are names. There is no need for DNS-to-IP conversion. Names are the main focus when handling packets. Names do not address hosts; they address content. Names have a URL-like structure. Thus, every piece of content has a name in the CCN/NDN architecture.
We have noticed an important design situation in networks. Many brand-new online applications separate the data from the view, building on the web services concept. Every application has data APIs that other applications can use. This is an important software design property: separating the display side of the software from the data controller side. There are also new storage concepts that use web services: object storage (because they can’t manage the data in a file system; they can’t natively add metadata to the stored data). Considering these situations, web service logic can fit natively into the CCN/NDN structure. (We didn’t have time to investigate whether the NDN packet structure has the same abilities that web services have. Maybe it needs a thin layer to provide web service abilities, taking the design parameters into account, or these abilities can be added to NDN packets. This needs investigation.) Thus, considering this concept, CCN/NDN data can also be an object in XML, JSON or any other structured object data format.
The third main idea of CCN/NDN is data caching. We think this idea is inspired by DNS and CDNs (content data networks), because DNS queries are cached on client computers and on DNS cache servers, if the ISP supports that. CDNs also cache/store the same data at different locations around the world, for fast access everywhere. The CCN/NDN structure natively does what CDNs do. Data that arrives is cached in the router’s content store. If another client connected to the same router sends an interest for the same data, the packet is returned from the router’s cache. There is no need to get the data from the producer.
In conjunction with caching, NDN has a natively multicast network design, because the main structure in the network is data, not a host or a connection. Sending the data once is enough in NDN, whether there are 1 or 1,000,000 requests at the same router. Some NDN supporters say TCP/IP has no multicast support. That is not true. Both IPv4 and IPv6 have multicast support by design. However, forwarding multicast packets imposes a great deal of protocol complexity on ISPs. Second, multicast packet forwarding can also be used for DDoS attacks. By design, NDN has no scaling problems. However, we have not implemented it yet. We can’t figure out what problems occur in an NDN implementation. NDN testbeds will reduce these implementation problems.
A caching implementation has storage needs. Meanwhile, storage production costs will decrease and storage speeds will increase. There are non-volatile RAM technologies. There will be no need for 7200 or 15K RPM mechanical disks. Non-volatile RAM means there may be no hard disk technology in the future. There is also memristor technology, implemented by HP Laboratories in 2006. It has 1/10 the speed of standard DDR RAM. It is 100 times faster than SSD hard disks. HP stated that they will produce 100 TB memristor hard disks by 2018. Storage costs will decrease.
NDN has no TCP/UDP structure. In today’s internet, however, data is sent packet by packet. How will this be implemented in NDN? How is transmission control done in NDN? According to the NDN Naming Convention, data is segmented into data chunks, which is called segmentation. The protocol data unit of TCP is also named “segment”. However, this is just naming; it says nothing about flow control of the chunks. How is flow control driven in NDN? NDN has applications. Flow control has to be driven by each application itself.
We considered the main design concepts of NDN networking by comparing them with today’s networking technology.
Now we can start on Named Data Networking. Its main focus is on named data chunks instead of IP addresses. We have explained what a “name” is, what being “data” focused means and what “chunks” are, and what the main objectives and design goals are.
This is the main idea of Named Data Networking; it was proposed by Van Jacobson as Content Centric Networking.
It has different names, but the main idea doesn’t change:
- Content Centric Networking
- Named Data Networking
- Information Centric Networking
- Data Oriented architecture
Content Centric Networking was designed at the Palo Alto Research Center (PARC). That is the first name of this idea, and work continues at PARC under the CCN name.
The USA’s National Science Foundation forked the idea and the CCN code as Named Data Networking. Afterwards, NDN rewrote the code from scratch. We think that NDN can be the future internet design, because the NSF funds the project. If the project reaches an enterprise level, the USA has the political power to make the world use it. The name of the NDN testbed between universities is I2, which is an abbreviation for “Internet 2”. These are predictions about the future of the Internet, taking political powers into account. These predictions do not state any political views.
However, NDN has a data-oriented architecture. It makes the data singular on the network.
In the NDN packet structure, the Content Name holds only the destination address. There is no source address in an NDN packet. Data packets return by way of the PIT tables in the NDN node model. The “Content Name + Nonce” value is used to prevent packet flooding.
The NDN node model has 3 structures. The Content Store is the router’s cache table. If the requested data exists in the Content Store, the packet is not forwarded; the data is returned from the cache. On a cache miss, the requested name is checked in the Pending Interest Table (PIT). If the address exists in the PIT and the face is new, the face is added to the incoming faces. Returned data is pushed to those faces. On a PIT miss, the requested name is added to the PIT and the interest is checked in the Forwarding Information Base (FIB). If the interest matches the FIB, it is forwarded by the Forwarding Strategy. If not, it is dropped or answered with a negative acknowledgment.
On the other side of the node model, we can see the tables explicitly. There are faces. We thought that the “interface” concept is named “face” because it has no interconnection with other networks. It just knows its own faces.
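The Interest and Data handling described above, as an added example that is not code from the paper or from the NDN project: a toy node with a Content Store, PIT and FIB. The class and method names, face labels and /example names are assumptions made for illustration; Content Store and PIT matching is by exact name, the FIB uses longest-prefix match, and the FIB is consulted before the PIT entry is created.

```python
class NdnNode:
    """Toy NDN node with the three tables from the text: CS, PIT, FIB."""

    def __init__(self, fib):
        self.cs = {}    # Content Store: name -> cached data
        self.pit = {}   # PIT: name -> {"faces": set, "nonces": set}
        self.fib = fib  # FIB: name prefix -> outgoing face

    def _fib_lookup(self, name):
        # Longest-prefix match over name components: /a/b/c, then /a/b, then /a
        parts = name.strip("/").split("/")
        for i in range(len(parts), 0, -1):
            face = self.fib.get("/" + "/".join(parts[:i]))
            if face is not None:
                return face
        return None

    def on_interest(self, name, nonce, in_face):
        if name in self.cs:                       # cache hit: answer locally
            return ("data", in_face, self.cs[name])
        entry = self.pit.get(name)
        if entry is not None:                     # PIT hit
            if nonce in entry["nonces"]:          # same name + nonce: looped copy
                return ("drop-duplicate", None, None)
            entry["nonces"].add(nonce)
            entry["faces"].add(in_face)           # aggregate, do not re-forward
            return ("aggregated", None, None)
        out_face = self._fib_lookup(name)         # PIT miss: consult the FIB
        if out_face is None:
            return ("nack", in_face, None)        # no route: negative ack
        self.pit[name] = {"faces": {in_face}, "nonces": {nonce}}
        return ("forward", out_face, None)

    def on_data(self, name, data):
        entry = self.pit.pop(name, None)
        if entry is None:
            return []                             # unsolicited: drop, never cache
        self.cs[name] = data
        return sorted(entry["faces"])             # faces that asked for it


if __name__ == "__main__":
    node = NdnNode(fib={"/example/report": "face-up"})   # constructed route
    name = "/example/report/seg0"                        # constructed name
    print(node.on_interest(name, 0xA1, "face-1"))
    print(node.on_interest(name, 0xB2, "face-2"))
    print(node.on_interest(name, 0xA1, "face-3"))
    print(node.on_data(name, b"chunk-0"))
    print(node.on_interest(name, 0xC3, "face-4"))
```

Dropping Data that has no PIT entry is a choice made in this example: it keeps content that no consumer asked for out of the cache.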
NDN routers need much more performance than today’s routers, because they have to check 3 tables: the content store, PIT and FIB. Content names can be much longer than IP addresses. IP addresses have fixed sizes, whereas content names vary in size and can be huge if not controlled. Also, every packet has to be verified by its signature. Signature checking can be CPU-intensive depending on the algorithm used. The content store table also has to be checked. This also increases cost.
Because NDN has a different structure than TCP/IP, NDN applications have to be different from standard TCP/IP applications. Every NDN application has to implement the NDN stack and the NDN segmentation feature.
NDN is designed so that it can work as an overlay on UDP/IP. TCP/IP can also work over NDN. IP and NDN can work in a hybrid manner during the transition phase. The IP protocol itself started out working over the telephone network.
NDN has some cryptographic features to integrate security. One is for data integrity. NDN uses a Hash-based Message Authentication Code (HMAC) to check that the header and data are correct. It natively adds an HMAC to Interest and Data packets to check whether the bits were sent correctly. If one bit changes in transmission, the HMAC check fails and the received data is considered incorrect.
The second cryptographic feature of NDN is SDSI/SPKI, which was designed by Ron Rivest, a famous cryptographer (RSA, MD5, etc.). Today’s internet uses PKI, Public Key Infrastructure, which has a tree-based certificate authorization mechanism. Every certificate is signed by its parent CA certificate (a CA certificate is a “certificate authority certificate”, which has authority over its child certificates). The main structure is this: every operating system, some browsers and mobile phones come with a trusted certificate store. Every certificate authority, such as Verisign, Thawte, Tübitak or Türktrust, has to reach an agreement with these OS, mobile phone and browser manufacturers to add its own certificate to the certificate stores. However, anyone who wants to add their own certificate to these stores has to pay money to the manufacturers. Also, some certificates’ private keys have been stolen. That means SSL man-in-the-middle (MITM) attacks can be carried out (however, this doesn’t mean SDSI will not have this problem). SDSI has a different structure. It has a distributed architecture. Keys are mapped to identities via namespaces. This means every router (maybe every NDN client) has a key and encrypts with its own key.
In conclusion, NDN has more advantages over today’s networking. It is not connection-based and needs no DNS-to-IP conversion. It has a data-oriented architecture. It is hard to carry out DDoS on NDN. It gives more control to ISPs. On the other hand, routers will need more and more resources. Also, it will give more authority to governments and companies. This may prevent a free internet.
And our presentation is:
Special thanks for helping: Mehmet Burak Uysal, Network Group Leader at the Istanbul Technical University IT Center.