PoComON∗: A POlicy-COMpliant Overlay Network
Author
Abstract
On today’s commodity internet, senders have no control over the path that their packets take beyond the first hop. This aspect of today’s internet prevents many potential network policies from being implemented. Source routing has been proposed as a mechanism to solve this problem, in which the sender chooses the path the traffic will take. However, previous approaches have either not enforced policies specified by the sender, or have been prohibitively expensive in terms of computing power. icing-pvm addresses these concerns by efficiently implementing source-based routing in a manner which allows path preferences to be enforced. PoComON builds on top of icing-pvm, and provides a transitional overlay network to deploy icing-pvm on today’s internet supporting legacy applications.

1 Intro

1.1 → ICING-PVM

The current Internet provides a simple delivery mechanism: we put destination addresses in packets and launch them into the network. We leave the network to decide the path that our packets take and the intermediate providers that the path passes through. Even network operators have little control over the paths that packets take toward them, or after leaving them.

There are times, however, when senders, receivers, and operators would prefer to control packets’ paths—and be sure that their preferences are enforced. For instance, if the fact of a communication (not just its content) between sender and receiver is sensitive, they might want to select network providers that they trust to be discreet. Or an enterprise might want a guarantee that the packets that it receives have passed through several services, such as an accounting service and a packet-cleaning service. Or a company might want

∗ Some of this document is borrowed (nearly) verbatim from the icing-pvm USENIX Security submission [25]. Sections/paragraphs that are borrowed are denoted with a →.
Similar resources
Requirements for Privacy-Enhancements in Mobile Ad Hoc Networks
This paper formulates requirements for anonymous overlay networks for enhancing the privacy of mobile ad hoc network users. Besides, it analyzes existing peer-to-peer based anonymous overlay networks and shows that none of them are compliant with those requirements. Finally, it outlines the ongoing design of an anonymous overlay network intended for mobile ad hoc environments.
Use of IPsec Transport Mode for Dynamic Routing
IPsec can secure the links of a multihop network to protect communication between trusted components, e.g., for a secure virtual network (VN), overlay, or virtual private network (VPN). Virtual links established by IPsec tunnel mode can conflict with routing and forwarding inside VNs because IP routing depends on references to interfaces and next-hop IP addresses. The IPsec tunnel mode specific...
Inter-domain policy violations in multi-hop overlay routes: Analysis and mitigation
The Internet is a complex structure arising from the interconnection of numerous autonomous systems (AS), each exercising its own administrative policies to reflect the commercial agreements behind the interconnection. However, routing in service overlay networks is quite capable of violating these policies to its advantage. To prevent these violations, we see an impending drive in the current ...
A Distributed Algorithm for Throughput Optimal Routing in Overlay Networks
We address the problem of optimal routing in overlay networks. An overlay network is constructed by adding new overlay nodes on top of a legacy network. The overlay nodes are capable of implementing any dynamic routing policy, however, the legacy underlay has a fixed, single path routing scheme and uses a simple work-conserving forwarding policy. Moreover, the underlay routes are pre-determined...
Policy-based Resource Sharing in Streaming Overlay Networks
In this chapter, we discuss peer-to-peer media streaming overlay network architectures and introduce a policy-based architecture for streaming live media from media sources to end-users over independently owned and operated networks. This architecture (mSON) efficiently supports multiple simultaneous media streams, with different sources and user populations, through shared overlay resources. T...