7th ACM Conference on Information-Centric Networking (ICN 2020)

Abstract:

Named data networking (NDN) is a content-centric future Internet architecture that uses routable content names instead of IP addresses to achieve location-independent forwarding. Nevertheless, NDN’s design is limited to offering hosted applications a simple content pull mechanism. As a result, increased complexity is needed in developing applications that require more sophisticated content delivery functionalities (e.g., push, publish/subscribe, streaming, generalized forwarding, and dynamic content naming). In this paper, we introduce a novel Enhanced NDN (ENDN) architecture that offers an extensible catalog of content delivery services (e.g., adaptive forwarding, customized monitoring, and in-network caching control) that can be programmed in the data plane using customizable P4 programs. More precisely, the proposed architecture allows hosted applications to associate their content namespaces with a set of services offered by the ENDN control plane. The controller then configures the data plane, which is comprised of two main modules: the enhanced packet processing and the forwarding logic modules. The former parses the packets and queries the enhanced content-based forwarding tables to generate a set of metadata fields used by P4 functions. The latter module is a novel P4 target architecture that executes these P4 functions on the arriving packets. The new architecture extends existing P4 models to overcome their limitations with respect to processing string-based content names. It also allows running independent P4 functions in isolation, thus enabling P4 code run-time pluggability. Experimental results demonstrate the ability of ENDN to achieve network efficiency with low latency.

Abstract:

Data naming is the most critical construct of Named Data Networking (NDN). The way a piece of content is named has profound impacts on content discovery, routing of user requests, data retrieval, and security. Besides, the naming of individual pieces of content seriously affects how the network behaves. While names are ubiquitous in NDN, the design choices for content names and how they affect the network have largely been overlooked. NDN applications and protocols usually name content to fit their particular application scenarios, often derived from existing naming conventions. However, these ad-hoc naming schemes often ignore the impact of these names on the network and the applications themselves. Drawing upon our experience in applying NDN to multiple science domains, we point out different exiting naming schemes in scientific communities, how we translated these names into NDN names, and the effect of naming on the network. Based on these observations, we provide a set of naming guidelines for future scientific applications and network operators supporting those applications.

Abstract:

Data chunks with names bound to them are "first-class citizens" in information-centric networks. The main service such a network provide to its users is the resolution of names to the associated data. A named function network (NFN) extends this service and also resolves on-demand computation expressions composed from named data and functions. The resolution of computation expressions is completely transparent to the user which makes it very convenient for application developers, however, also means the whole network becomes a black box that must be trusted totally. In this work we augment NFN with a datastructure that creates transparency about the genesis of every evaluation result. We show that this datastructure enables applications to single out results produced by dubious computing providers and further to maintain trust relationships with these.

Abstract:

Since the Named Data Networking (NDN) data plane requires name-based lookup of potentially large tables using variable-length hierarchical names as well as per-packet state updates, achieving high-speed NDN forwarding remains a challenge. In order to address this gap, we developed a high-performance NDN router capable of reaching forwarding rates higher than 100 Gbps while running on commodity hardware. In this paper we present our design and discuss its tradeoffs. We achieved this performance through several optimization techniques that include adopting better algorithms and efficient data structures, as well as making use of the parallelism offered by modern multi-core CPUs and multiple hardware queues with user-space drivers for kernel bypass. Our open-source forwarder is the first software implementation of NDN to exceed 100 Gbps throughput while supporting the full protocol semantics. We also present the results of extensive benchmarking carried out to assess a number of performance dimensions and to diagnose the current bottlenecks in the packet processing pipeline for future scalability enhancements. Finally, we identify future work which includes hardware-assisted ingress traffic dispatching, dynamic load balancing across forwarding threads, and novel caching solutions to accommodate on-disk content stores.

Abstract:

One unique architectural benefit of Named Data Networking (NDN) is adaptive forwarding, i.e., the forwarding plane is able to observe data retrieval performance of past Interests and use it to adjust forwarding decisions for future Interests. To be effective, adaptive forwarding assumes Interest Routing Locality, meaning that Interests sharing the same prefix are likely to follow a similar forwarding path within a short period of time. Therefore, past observations can provide insight into how forwarding will likely perform for the same prefix in the near future. Since Interests can have multiple common prefixes with different lengths, the real challenge is determining which prefix length should be used in adaptive forwarding to record path measurements - we refer to this as the Prefix Granularity Problem. The longer the common prefix is, the better Interest Routing Locality. However, finer grained-prefixes cover fewer Interests each and require a larger forwarding table. Existing adaptive forwarding designs use a static prefix length, which is known to encounter issues in the event of partial network failures. In this work, we propose to dynamically aggregate and de-aggregate name prefixes in the forwarding table in order to use the prefixes that are the most appropriate given current network situation. In addition, to reduce the overhead of adaptive forwarding, we propose mechanisms to minimize the use of longest prefix matching during the processing of Data packets. Simulations demonstrate that the proposed techniques can result in better forwarding decisions in the event of partial network failures with significantly reduced overhead.

Abstract:

Information Centric Networking (ICN) is growing in both popularity and maturity. Two highly-related architectures under the ICN umbrella, Content Centric Networking (CCNx) and Named Data Networking (NDN), received significant effort to improve their forwarding performance. Despite this focus, little work has been done to evaluate ICN forwarders in a comprehensive and rigorous manner. Furthermore, the preexisting literature in IP can only apply broadly due to the substantial differences between the architectures.

In this paper, we provide a methodology to analyze the performance of ICN forwarders. Our testing methodology has two key focuses: (i) packet processing performance is the primary metric of exploration, as bytes are usually cheap; and (ii) the PIT, FIB, and Content Store are the primary structures to probe when considering performance impact. With these focuses in mind, we present a series of behavioral microbenchmarks that can probe the performance of CCNx/NDN forwarders in a rigorous way. To show the efficacy of these experiments, we apply them to the reference forwarders of the CCNx and NDN architectures, Metis and NFD, giving us a careful understanding of their performance characteristics. Additionally, these microbenchmarks should readily apply to high performance forwarders in the space.

Abstract:

Digital signatures are a fundamental building block for ensuring integrity and authenticity of contents delivered by the Named Data Networking (NDN) systems. However, current digital signature schemes adopted by NDN open source libraries have a high computational and communication overhead making them unsuitable for high throughput applications like video streaming and virtual reality gaming. In this poster, we propose a real-time digital signature mechanism for NDN based on the offline-online signature framework known as Structure-free and Compact Real-time Authentication scheme (SCRA). Our signature mechanism significantly reduces the signing and verification costs and provides different variants to optimize for the specific requirements of applications (i.e. signing overhead, verification overhead or communication cost). Our experiments results show that SCRA is a suitable framework for latency-sensitive NDN applications.

Abstract:

In this poster, we discuss design options for a LoRaWAN and LoRa transmission system to employing Information-Centric Networking (ICN). ICN has been successfully applied to LoWPAN scenarios and can provide many benefits with respect to object-based security, performance, disruption tolerance and usability. Our findings indicate that the current LoRaWAN MAC layer is impractical for an ICN request-response with caching. We present ideas for a new MAC layer that harmonizes the long-range LoRa radios with ICN.

Abstract:

Information-centric networking (ICN), as an antithesis of host-centric networking, denotes a paradigm shift in communication networks. It introduces names to the network layer and favors de-localized content instead of addresses and hosts. ICN is an attempt to design a network tailored to demands of users who only care about data. The simplicity of this basic premise, however, turns out to be rather deceptive; a pitfall in waiting on the path of ICN to wide-scale deployment. Surely users care about data, but they also care about trust, accountability, private communication, and everything else that the current Internet provides beside mere content. This paper is a first attempt in pinpointing the missing non-technical aspects that are crucial to success of ICN as a viable replacement for the Internet.

Abstract:

Named Data Networking (NDN) relies on public key signing to ensure integrity and authenticity for all data packets fetched in the network. One of the considerations for reliability of such signing is limiting the scope (what the key can sign) and time (how long the key can sign) of the public keys and their certificates, usually referred to as “least privilege principle.” Traditionally, the public key certificates are issued for relative long periods of times measured in months or years; which requires considerations for certificate revocation, e.g, when the private key is lost or compromised. However, if the validity periods can be reduced to days or hours, the complex (and sometimes semi-broken) revocation mechanisms can be completely eliminated. This poster proposes such a mechanism—CertCoalesce certificates—to efficiently manage virtually unlimited pools of short-term certificates with limited networking, storage, and computational overheads. Specifically, a single certificate request with a “primary” key can be used to bootstrap the process of creating an unlimited number of short-term certificates for derivative private/public keys. Moreover, such certificates can be issued asynchronously—periodically pre-provisioned or upon request with an Interest—terminating issuance of future certificates when necessary. Moreover, CertCoalesce design owing to the underlying elliptic curve cryptography ensures that a compromised key from the pool of keys will not reveal information about other keys/certificates in the pool.

Abstract:

This demo shows an implementation of distributed object storage over NDN. It demonstrates how to reliably store and distribute data generated from sensors that do not have storage capability or generate large amounts of data. Chipmunk is an NDN based object storage system that leverages metadata that has data names and data locations to enable object storage service in a distributed system.

Abstract:

We explore the Named Data Networking architecture by designing a file sharing app which can share files utilizing the network layer. This app demonstrates the usefulness of the NDN architecture in a small, standalone application which is an important step before widespread adoption. The app also highlights the difficulties newcomers to NDN have in picking up the design principles and tools.

Abstract:

The NDN Forwarding Daemon (NFD) has been a reference forwarder implementation of Named Data Networking. Its good modularity and extensibility make it easy to experiment with new ideas, but it shows limited forwarding performance even with multi-core CPUs because its forwarding structure uses only single core. We present the Multi-Worker NFD (MW-NFD), an NFD-compatible NDN forwarder with parallel forwarding capability on multi-core CPUs. Since the NFD’s forwarding architecture is maintained as is, MW-NFD inherits the advantages (modularity and extensibility) of NFD, and it is fully compatible with NFD and existing NDN applications. In this demo, we shows that MW-NFD can yield high forwarding performance, about 13 times higher than NFD’s performance.

Abstract:

Fuzzing is a very popular automated testing technique that has yet to be applied in any significant way to NDN (Named Data Networking). NDN and its software forwarding daemon NFD present interesting challenges for fuzzing. To be effective, a fuzzer for NFD needs to be both stateful, due to the nature of the NDN data plane, and aware of the packet structure and the rules governing the NDN wire protocol. In this work we present the design of our NFD fuzzer and provide an overview of its most salient implementation details.