![© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• This paper is not about a new transport protocol
for (h)ICN
• This paper describes a transport framework
developers can use for (h)ICN application
development
• (h)ICN = {NDN, CCN, hICN1}
• Transport services and API
Disclaimer
[1] Luca Muscariello et.al., "Hybrid Information-Centric Networking, Internet Area WG,
Internet-Draft, https://datatracker.ietf.org/doc/ draft-muscariello-intarea-hicn", June 2018](https://image.slidesharecdn.com/slides-papers-14-190613075822/85/A-Transport-Layer-and-Socket-API-for-h-ICN-Design-Implementation-and-Performance-Analysis-2-320.jpg)
![© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Transport framework implemented as C++ library
• VPP1 integration
• Full userspace implementation
• Shared memory between transport framework and L3 forwarder
• No context switching overhead
• Manifest support: amortized crypto operations cost
Performance and Efficiency
[1] White Paper - Vector Packet Processing - One Terabit Software Router on Intel Xeon Scalable Processor Family Server. https://fd.io](https://image.slidesharecdn.com/slides-papers-14-190613075822/85/A-Transport-Layer-and-Socket-API-for-h-ICN-Design-Implementation-and-Performance-Analysis-9-320.jpg)
![© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Cluster of 150 clients connected to an ICN enabled Apache Traffic Server
(ATS)
• HTTP Reverse Proxy, 2 GB cache, nginx origin server serving 48 channels
• Each client requests one of the 48 available channels (zipf distribution,
⍺=1.4/0.7), using the congestion control algorithm published in [1]
• An HTTP Request can be directly served by the transport (rather than by
ATS), if the corresponding Response has been already published in the
Producer socket output buffer
Experiment Setup
[1] G. Carofiglio, et al. "Multipath congestion control in content-centric networks"](https://image.slidesharecdn.com/slides-papers-14-190613075822/85/A-Transport-Layer-and-Socket-API-for-h-ICN-Design-Implementation-and-Performance-Analysis-16-320.jpg)
A Transport Layer and Socket API for (h)ICN: Design, Implementation and Performance Analysis
- 1. Mauro Sardara, Luca Muscariello, Alberto Compagno ACM ICN 2018 September 23rd 2018 Design, Implementation and Performance Analysis A Transport Layer and Socket API for (h)ICN
- 2. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • This paper is not about a new transport protocol for (h)ICN • This paper describes a transport framework developers can use for (h)ICN application development • (h)ICN = {NDN, CCN, hICN1} • Transport services and API Disclaimer [1] Luca Muscariello et.al., "Hybrid Information-Centric Networking, Internet Area WG, Internet-Draft, https://datatracker.ietf.org/doc/ draft-muscariello-intarea-hicn", June 2018
- 3. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Common trend on ICN: writing application directly on top of the network layer: • Packet-level control of the communication • Application developers forced to deal with: • Congestion control • Segmentation and reassembly • Crypto operations • … Does ICN need a transport framework? Not always easy to implement Discourage developers from writing ICN application Put a limit on ICN adoption
- 4. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Does ICN need a transport framework? • Applications want to exchange Data Unit in a simple way • Typically without dealing with the network • Requirements: • A transport layer providing services to them • A simple way to access these services • One of the reasons of the success of TCP/IP has been the development of a transport framework and a simple Socket API allowing application developers to communicate through the network as if they were writing to a file • A transport layer and a clean socket API for ICN could enhance its adoption and simplify the development of new application
- 5. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Design principles • Separation between transport services and application logic • Simple Socket API enhancing portability and integration • Performance and efficiency • Evolutionary deployment of ICN into existing applications • Security: authentication and integrity as built-in transport services
- 6. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Application ADU Forwarding Engine L3 PDU (I/D) Transport framework Transport Segmentatio n Authenticatio n Namin g Integrit y Reassembly Verificatio n Congestion Control Fetching Producer Services Consumer Services Routing and Forwarding Application Logic Transport Services
- 7. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • How transport services are exposed to applications? • BSD-like socket API • Based on socket interface extension for IPv61 • icn_socket(), icn_sendto(), icn_recvmsg(), icn_bind(), icn_setsockopt()… • New address family: AF_ICN • Socket types: SOCK_CONS and SOCK_PROD • Protocol types: CONS_REL/CONS_UNREL and PROD_REL/PROD_UNREL • Simple, clear and widely adopted • Easier to insert into current applications ICN Socket API 1. Basic Socket Interface Extensions for IPv6. Technical Report 3493. https://rfc-editor. org/rfc/rfc3493.txt
- 8. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Producer Socket Consumer Socket Interest Input Buffer Data Output Buffer Integrity Authentication Segmentation Naming Hit Miss Interests Application (e.g. HTTP Client) Interest Output Buffer Data Input Buffer Data Packets Integrity/Auth Check ReassemblyData Retrieval Protocol Interests Data Packets Application (e.g. HTTP Server) Interests can be satisfied directly at the transport layer icn_sendto() icn_recvmsg() icn_recvfrom()
- 9. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Transport framework implemented as C++ library • VPP1 integration • Full userspace implementation • Shared memory between transport framework and L3 forwarder • No context switching overhead • Manifest support: amortized crypto operations cost Performance and Efficiency [1] White Paper - Vector Packet Processing - One Terabit Software Router on Intel Xeon Scalable Processor Family Server. https://fd.io
- 10. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Native security features, transparently offered to each application • 2 Approaches: Manifest authentication vs per packet authentication • Per Packet Authentication Authentication and Integrity • Manifest Authentication Signed Manifest Data Packet 1 Data Packet 2 Data Packet 4 Data Packet 3 Data Packet 1 Data Packet 2 Data Packet 4 Data Packet 3 Integrity verified with HASH inside Signed Manifest. Integrity verified with the signature itself Signed Data Packet
- 11. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • How do basic ICN security services (authentication and integrity) affect the communication? • What benefits can an ICN-based transport framework bring to existing applications? Performance Evaluation
- 12. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Crypto operations impact Consumer VPP VPP Producer • Cisco UCS Type-C • Intel(R) Xeon(R) CPU E5-2695 v4 • 256 GB of RAM • Intel 82599ES 10-Gbps NIC • 10Gbps Cisco-Nexus 5k • 1500 Byte MTU • No hardware offloading Nexus UCS 1 UCS 2 Comparison: Consumer goodput w/ crypto Consumer goodput w/o crypto
- 13. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Crypto operations impact 9.19 5 9.24 2.45 0 2 4 6 8 10 Application goodput - No crypto operations Gbps Goodput w/o Crypto Linux TCP Cubic (w/ TSO) Linux TCP Cubic (w/o TSO) VPP TCP Newreno ICN (1) 525 26 928 290 0 200 400 600 800 1000 Application goodput Mbps Goodput w/ Crypto Manifest RSA-1024 - Synchronous publication Packet-Wise RSA-1024 - Synchronous publication Manifest RSA-1024 - Asynchronous publication Packet-Wise RSA-1024 - Asynchronous publication (1) Results at the time of the writing, now ~ 5.5 Gbps.
- 14. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • DASH linear video distribution • Video traffic on the internet ~ 82 %1 • Scalability challenge for content providers (e.g. Verizon) • Servers need to manage hundreds of thousand of TCP sessions • Heavy CPU and memory impact • Current solution: horizontal scaling • Can we improve the current video delivery system? • ICN transport framework can provide multicast to applications • One socket per channel instead of one socket per user ICN Evolutionary deployment: benefits for existing apps 1 Cisco Visual Networking Index: Forecast and Methodology - 2017
- 15. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Transport layer (h)ICN producer transport vs TCP transport Video Server Video Segment … U1 U2 U3 U4 Un-2 Un-1 Un Video Server … U1 U2 U3 U4 Un-2 Un-1 Un S S S S …S S S Pull Based Stateless One socket per video channel E.g. live content broadcasting of popular content Push Based Stateful n socket for n clients Clients requesting same video channel Producer Socket
- 16. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Cluster of 150 clients connected to an ICN enabled Apache Traffic Server (ATS) • HTTP Reverse Proxy, 2 GB cache, nginx origin server serving 48 channels • Each client requests one of the 48 available channels (zipf distribution, ⍺=1.4/0.7), using the congestion control algorithm published in [1] • An HTTP Request can be directly served by the transport (rather than by ATS), if the corresponding Response has been already published in the Producer socket output buffer Experiment Setup [1] G. Carofiglio, et al. "Multipath congestion control in content-centric networks"
- 17. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Scalability Results 17 1243.1 1311.7 1430.5 58.6 62.8 60.7 0 500 1000 1500 2000 50 Clients 100 Clients 150 Clients MByte ATS Memory Usage TCP/IP ICN 17.4 30.7 45.2 5.7 7.5 8.7 0 10 20 30 40 50 60 50 Clients 100 Clients 150 Clients % ATS CPU Consumption TCP/IP ICN 67 40 35 46 23 19 0 20 40 60 80 50 Clients 100 Clients 150 Clients %oftotaltraffic Traffic gen. by ATS ⍺=0.7 ⍺=1.4
- 18. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Consumer-producer API for named data networking. ICN (2014) • No built-in security services – Signature and verification left to applications • No evaluation • CCNx Transport Library • No support for producer services • Limited API • NaNET: socket API and protocol stack for process-to-content network communication. ICN (2014). • No evaluation • Not clear how to access transport services such as authentication Previous work
- 19. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • General transport framework for ICN applications • Fast userspace implementation based on VPP and DPDK • API allowing extensions and integration in today applications • Significant impact of crypto operations on overall transport performance • Possible improvement with hardware offloading (e.g. Intel OAT acceleration) • Benefits of ICN transport services in today’s application (DASH) • Prototype available soon on FD.io (https://wiki.fd.io/view/Cicn) • Supported Platforms: Ubuntu, CentOS, MacOS Conclusions
Editor's Notes
- #3: Remove outline
- #4: Be more clear about separation application – transport tasks
- #6: Why a socket library? For many reasosn. Here we analyze the application point of view Applications are relieved from the task of managing L4 problems such as Segmentation and congestion control Applications deal just with ADUs and do not have to manage the PDUs Consistency: Different applications use the same interface for dealing with repeated problem
- #7: First, we have the application. Application deals just with ADU, no interest and data are processed by applications. They can still process them, but through some hook they put inside the library. Second, the Socket Library: it process L3/4 messages, interest and data, and prepares application data units for applications. The socket library then talks with the ICN forwarder, by sending and receiving interest and data. The services offered by the library can be easily separate in 2 groups: the first group contains the services for a producer application, while the second contains the services used by a consumer application. Since they are orthogonal, we can split the generic transport socket into 2 unidirectional sockets: the consumer socket and the producer socket.
- #9: Add discussion of the data output buffer placement + implications (security, producer authentication with the forwarder….)
- #11: Remind the bottleneck is the hash verification, not the signature (in the manifest case)
- #14: Change colors Motivate TCP comparison Hardware offloading - Highlight hardware offloading need Remind theoretical limit Add inline comments
- #15: Explain better the experiment (what is DASH video distribution, why we used this…) Add statisics about DASH video distribution, describe problem before, cite Verizon
- #18: Change colo
- #19: Underline the fact there is not evaluation. Is it feasible? None of these works has been adopted in the ICN implementations.
- #20: Add final slide with summary Add operations of the transport (sharable among many apps), underlying it is convenient to have there in the transport Reference of the new results Remind people there is a framework they can contribute and use, open source..