András Zahemszky

LIPSIN: line speed publish/subscribe inter-networking

A large fraction of todays Internet applications are internally publish/subscribe in nature; the current architecture makes it cumbersome and inept to support them. In essence, supporting efficient publish/subscribe requires data-oriented naming, efficient multicast, and in-network caching. Deployment of native IP-based multicast has failed, and overlay-based multicast systems are inherently inefficient. We surmise that scalable and efficient publish/subscribe will require substantial architectural changes, such as moving from endpoint-oriented systems to information-centric architectures. In this paper, we propose a novel multicast forwarding fabric, suitable for large-scale topic-based publish/subscribe. Due to very simple forwarding decisions and small forwarding tables, the fabric may be more energy efficient than the currently used ones. To understand the limitations and potential, we provide efficiency and scalability analysis via simulations and early measurements from our two implementations. We show that the system scales up to metropolitan WAN sizes, and we discuss how to interconnect separate networks.

Forwarding anomalies in Bloom filter-based multicast

Several recently proposed multicast protocols use in-packet Bloom filters to encode multicast trees. These mechanisms are in principle highly scalable because no per-flow state is required in the routers and because routing decisions can be made efficiently by simply checking for the presence of outbound links in the filter. Yet, the viability of previous approaches is limited by the possibility of forwarding anomalies caused by false positives inherent in Bloom filters. This paper explores such anomalies, namely (1) packets storms, (2) forwarding loops and (3) flow duplication. We propose stateless solutions that increase the robustness and the scalability of Bloom filter-based multicast protocols. In particular, we show that the parameters of the filter need to be varied to guarantee the stability of the packet forwarding, and we present a bit permutation technique that effectively prevents both accidental and maliciously created anomalies. We evaluate our solutions in the context of BloomCast, a source-specific inter-domain multicast protocol, using analytical methods and simulations.

BloomCasting: security in bloom filter based multicast

Traditional multicasting techniques give senders and receivers little control for who can receive or send to the group and enable end hosts to attack the multicast infrastructure by creating large amounts of group specific state. Bloom filter based multicast has been proposed as a solution to scaling multicast to large number of groups. In this paper, we study the security of multicast built on Bloom filter based forwarding and propose a technique called BloomCasting, which enables controlled multicast packet forwarding. Bloomcasting group management is handled at the source, which gives control over the receivers to the source. Cryptographically computed edge-pair labels give receivers control over from whom to receive. We evaluate a series of data plane attack vectors based on exploiting the false positives in Bloom filters and show that the security issues can be averted by (i) locally varying the Bloom filter parameters, (ii) the use of keyed hash functions, and (iii) per hop bit permutations on the Bloom filter carried in the packet header.

MPSS: Multiprotocol Stateless Switching

The Multiprotocol Label Switching (MPLS) architecture has become a true success story in the world of telecommunications. However, MPLS becomes cumbersome if multicast communication is needed, as aggregating of labels is not easy. Because of that, when providing Multicast VPNs, operators need to trade-off bandwidth usage with the amount of multicast state, sacrificing efficiency. Forwarding with Bloom filters in the packet headers offers the opportunity to have quasi-stateless network elements; the amount of forwarding plane state does not depend on the number of paths/trees the node participates in. In this paper, we propose Multiprotocol Stateless Switching (MPSS), the marriage of MPLS and Bloom filter based forwarding. The forwarding architecture inherits the flexibility of MPLS and gives operators the opportunity to offer Multicast VPN services while avoiding the difficult process of fine-tuning the trade-off between bandwidth usage and state.

Exploring the Pub/Sub Routing & Forwarding Space

We envision an information-centric future Internet where the network is built around named pieces of data instead of explicitly addressable hosts. One clear way of implementing information-centric networking is using publish and subscribe (pub/sub) operations instead of the send and receive primitives. Internet-like pub/sub networking requires completely different routing protocols and forwarding mechanisms compared to those that are extensively used today. Consequently, we are facing a clean-slate design exercise, where we should start our adventure by exploring the new design space. We identify four key metrics (signalling overhead, state in nodes, information in packets and routing stretch) to help us evaluating the different proposals. We present a general five-step approach for routing in pub/sub networks. The presented approach is recursive, so it can be repeated as many times as necessary until we reach manageable sized problem instances. The final part of the mechanism is to glue together the created and assigned forwarding structures to the publication to ensure that all interested subscribers at any domains in the network will get the requested data.

Experimentally-Driven Research in Publish/Subscribe Information-Centric Inter-Networking

Testing and evaluating new architectural propositions is a challenge. Given the usual variety of technologies and scales involved in the necessary evaluation, a one-size-fits-all approach does hardly suffice. Instead, a collection of evaluation and experimentation methods must be chosen for a comprehensive testing of the proposed solutions. This paper outlines some of the approaches chosen for an architectural proposition that establishes a publish/subscribe-based internetworking layer for the Future Internet. For that, we outline challenges we identified when turning to experimentation as a means of evaluation. We then present the variety of emulation as well as experimental test bed efforts that attempt to address these challenges. While this is not to be seen as a conclusive summary of experimental research in this space, it is an attempt to summarize our efforts as a work-of-progress for others working the architectural field.

Fast reroute for stateless multicast

Multicast applications such as real-time streaming and video/teleconferencing tolerate delay and packet loss poorly. As a consequence, multicast routing and forwarding should offer flexibility and resiliency for them. In this paper, we introduce fast reroute methods for LIPSIN, a novel Bloom filter based multicast forwarding fabric. We propose two different algorithms, both capable of rerouting traffic immediately after the failure is detected, keeping service disruption at minimum. The two solutions give flexibility to operators by allowing trade-offs between bandwidth and configuration complexity. Finally, we give guidelines about the applicability of our methods by conducting simulations.

Scaling Bloom filter based multicast with hierarchical tree splitting

Bloom Filter based multicast has been proposed as a source-specific multicast solution to eliminate the multicast state requirements in the routers. However, the inherent limitation, the false positives, in the Bloom filter data structure amplifies the bandwidth wastage when the multicast tree scales to a large number of receivers. In this paper, we propose an algorithm which enhances the performance of the Bloom filter based multicast. It keeps the bandwidth waste below an acceptable upper bound while scaling the multicast tree for a large number of receivers. The large multicast tree is split into multiple smaller ones which are encoded into separate Bloom filters. Our algorithm enables multicast forwarding to be efficient - with careful setting of some parameters - for a hundreds of receivers as compared to the 20-30 receivers per group in the original technique. Furthermore, our algorithm, while slightly increasing the state requirements in the multicast sources, retains the desired property of statelessness in the intermediate routers.

Autonomicity in Virtual Private Network provisioning for enterprises

Large enterprises usually require Virtual Private Network (VPN) services provisioned by the network operator. Also, there is an emerging need for supporting multicast communications, i.e. one host communicate with other hosts located in multiple remote sites. While MPLS-based IP VPNs are proven to be scalable, current approaches for extending it with multicast features involve potential state explosion, some bandwidth inefficiencies in the operator network or complex management tasks to find a good balance between forwarding state and bandwidth usage. These properties are direct consequences of the current MPLS and network-layer multicast forwarding approaches, as state should be maintained in the forwarding plane for each tree in each intermediate node. In this paper, we build on a stateless Bloom-filter-based forwarding plane installed in the service providers network. By moving the state into the packet headers from the nodes, new trade-offs appear due to the probabilistic nature of Bloom filters. We highlight autonomic scenarios, such as self-configuration of addresses, resource management in the network, simple autonomic provisioning of dynamic multicast trees and self-optimization of forwarding performance.