Dirk Kutscher

Personal web page

Edgy with a Chance of RIOTs

without comments

Report from IRTF T2TRG Meeting, RIOT Summit, ACM ICN Conference, and IRTF ICNRG Meeting

 

 

Berlin saw a remarkable series of research, coding, demonstration and open discussion events on the Internet of Things and Information-Centric Networking last week. It brought together an interesting mix of researchers, developers, entrepreneurs and thought leaders, which facilitated making real progress and moving the needle in next-generation networking for IoT, edge computing and decentralized operations. In my view the whole setup (although demanding in terms of commitment by organizers and participants) can likely serve as a prototype for future un-conference (and un-standards-meeting) events that want to put emphasis on constructive discussions and progress making instead of paper publication and marketing. For those who have been unlucky to miss it, I have written this (eclectic) summary (please refer to the respective events’ web pages for a complete view). Also note, I am not speaking for the organizers of the different events.

Introduction & Executive Summary

The Internet of Things, Edge Computing, Virtual/Augmented/Mixed Reality are popular buzzwords in the networking industry and academic community. Unfortunately, the popularity and the associated revenue expectations often lead to proposed solutions that try to leverage (often failed) foundations from related domains (e.g., the telco area), that compromise on security and performance and that lead to complex point-solutions. For example, in IoT, past experience in factory automation, home networking etc. have led to the popular assumption that most IoT networks will be built with the notion of a gateway that connects controllers, sensors on different incompatible fieldbus networks to cloud backends, employing significant translation magic to enable connectivity and semantic interoperability. People often use the term convergence to describe the fact that a zoo of different technologies will be integrated in such frameworks.

Converting to Internet Technologies

However, the Internet research and technology development community has demonstrated before (when multi-media real-time communication made telephony just another service on the Internet) that conversion (not convergence) is what actually creates an interoperable and extensible set of technologies. In IoT, protocols such as 6lowpan (IPv6 over Low power WPAN) and CoAP (Constrained Application Protocol) are enabling an efficient, secure, end-to-end communication service for the Internet-of-Things, where the Internet does not necessarily terminate at a predefined gateway. Instead, the Internet communication semantics can be extended to constrained devices — providing one stable platform of communication, obsoleting a lot of cruft that current IoT “industry standards” represent.

Semantic Interoperability

Beyond the fundamental connectivity layer, it is important to agree on they way Things in the IoT actually interact with one another, i.e., request-response type of interaction, publish-subscribe, RESTfulness, group communication etc. CoAP enables different interaction types on a Thing-to-Thing-based communication model. But when you compose/deploy/re-program IoT networks, how do you actually know how to communicate with your Things? How do you learn about available resources and the correct way to interact with them? How do Things and their users understand the physical-world effects, and, finally, how can you (reliably and securely) create larger applications that leverage Things in the IoT?

There are different approaches for describing and discovering resources. In the age of Service-Oriented-Architectures, people came up with resource description frameworks etc., enabling a first level of semantic interoperability. In the IRTF Thing-to-Thing Research Group (T2TRG), we are trying to find a sweet-spot between expressiveness, simplicity and flexibility with respect of re-using and re-combining resources for new purposes. This work is leveraging ideas from the web (hypermedia in general) so that “simple things should be simple; complex things should be possible”. Information-Centric Networking (ICN) also has a relation to semantic interoperability — I will talk more about it when summarizing the ICN conference below.

Data-Oriented Networking and Forwarding Abstractions

In IoT most interactions are actually not about sending bits from host A to host B — most often, we are interested in accessing names resources such as sensor readings, the result of an actuation request — regardless of network and host addresses. Similar considerations apply to other applications, too — for example web applications, video streaming and virtual reality. Realizing these applications today requires a stack of overlays for secure communication (server authentication and confidentiality through TLS), storage for resource sharing and latency reduction (CDN), and application-specific in-network processing (for example, routing IoT data to intended and authorized consumers).

In more advanced and/or challenging network scenarios such as multipath communication or data sharing in the IoT, the trade-offs that the traditional overlay approach requires are becoming increasingly painful. For example, TLS-based connection-oriented security may be a good approach for tele-banking, but it clearly gets into the way when we want to communicate in dynamic environments (with changing IP addresses etc.) or when we want to disseminate and consumer data from multiple producers securely in the IoT.

Being able to access named data regardless of current node addresses is a concern in more traditional frameworks such as CoAP, too. ICN addresses this by providing access to named (and authenticated) data as a first-order service. The network relies on named data access on the Internet layer, so that security (name-content binding, access control, confidentiality) does not depend on from where a particular data object has been retrieved. Obviously, this can facilitate communication in dynamic network topologies (mobility, disruptions) as well as enhance efficiency and reliability (caching) and is thus attractive for IoT but also for most other application domains.

The way that ICN implements the accessing-named-data service on the Internet layer enables peers and intermediary nodes to support forwarding and effective data dissemination in a network. For example, compared to IP, a router has slightly more visibility of request-response latency and data availability (potentially per name prefix) which can inform queue management, forwarding behavior and caching strategies. This is the basis for better transport performance in more conventional networks. In IoT, an enabled forwarding layer can help to optimize data availability in the presence of disruptions, power-saving and improve mesh network routing by leveraging information about data interest at certain parts of the network.

Because ICN can enable application-independent in-network caching directly on the Internet layer (as opposed to on the application layer as CDNs do) you can also characterize ICN as a democratizing technology: it enables data production and efficient sharing over the network by everyone and for any application — without requiring permissions from ISPs or contracts with CDN providers.

Regardless of ICN or any other technology, the technical question is “what is an appropriate forwarding abstraction?”  — for the new Internet that includes the IoT and other domains. From an Internet perspective, it would certainly be good if one could find a suitable comprise and arrive at a functionality set that is as powerful as needed — but not too powerful in terms of requiring application-specific knowledge and functionality at too many places in the network to be useful. To that end, ICN is inspired by IP and provides a minimal thin-waist (in the Internet stack hour glass model) but provides more functionality for in-network forwarding and caching strategies.

The ICN Conference and the ICNRG meeting last week discussed technical aspects of applying this technology to different application domains such as IoT: how to automate trust management, how to map ICN protocols efficiently to lower layer protocols such as IEEE 802.15.4, how to manage/bootstrap such networks securely, and how use the ICN protocol semantics for IoT use cases, for example asynchronous data generation.

Edge Computing

Edge Computing is becoming increasingly popular these days, and there are many good reasons to rethink current cloud-centric compute service architectures. For example, in industrial IoT, there are strong trust-sensitivity reasons for not shoveling all data to the cloud by default for processing and redistribution. Instead the data needs to be processed, potentially stored and shared close to the producers and consumers in an industrial IoT network. Or, as another example, infrastructure support for Virtual Reality  has low-latency requirements that mandate placing the compute function close to the display device.

There are different ways to do edge computing though — some approaches can be seen as extending today’s cloud infrastructure to the edge — to so-called edge gateways or to multi-tiered arrangements of compute platforms (fog computing). Also, popular CDN platforms provide some form of in-network computation already, so it seems attractive to extend these platforms to the edge.

From an Internet technology perspective, it is important to understand the implications of different architecture with respect to security and privacy (does edge computing mean we have to entrust unknown proxies to intercept our communication sessions?), permissionless innovation (can anyone run distributed computations in the network, or do you have to be a big content/service provider?), and generality (if edge computing means shipping VMs images to edge gateways, what about constrained networks/platforms?).

In the Thing-to-Thing context, we are discussing options for light-weight in-network computing that does not necessarily have to rely on an ossified architecture of constrained IoT network, edge gateway, and cloud backend. Similarly to thing-to-thing communication, would it be possible to design IoT edge computing in a way that allows some nodes in the network to offer compute services for other (possibly more constrained) nodes, and can this be achieved without complicated, and in the worst case, manual orchestration?

In ICN, the combination of accessing static named data and dynamic computation results in the same framework seems to be a very elegant and powerful approach to edge computing. For that reason, Intel and the NSF have recently decided to fund three research projects on ICN in wireless edge networks. One interesting aspect in this context is the idea not treating edge computing (and its applications) as a very special case in a distributed computing architecture. Instead, applications such as Virtual Reality could essentially just be web applications that leverage standardized protocols, media formats and dynamic code execution.

One particular proposal blending static data access with dynamic in-network computation in ICN is called Named Function Networking (NFN). NFN applies functional programming concepts (expression reduction, code as data, memomization) to networking and thus provide a light-weight in-network computation platform that can ultimately provide similar features as stream processing and distributed data bases under one single abstraction.

Going Cloudless

The Internet was designed as a distributed, decentralized system. For example, intra- and inter-domain routing, DNS, and so on were designed to operate in a distributed manner. However, over time the dominant deployment model for applications and some infrastructure services evolved to become more centralized and hierarchical. Some of the increase in centralization is due to business models that rely on centralized accounting and administration. However, we are simultaneously seeing the evolution of use cases (e.g., certain IoT deployments) that cannot work (or which work poorly) in centralized deployment scenarios along with the evolution of decentralized technologies which leverage new cryptographic infrastructures, such as DNSSEC, or which use novel, cryptographically-based distributed consensus mechanisms, such as a number of different ledger technologies.

One example that was mentioned at the T2TRG meeting on Sunday was the coordination of different wireless networks that compete for spectrum in a geographic context. For large-scale, managed spectrum sharing you could employ centralized databases for recording who is entitled to use what frequency band in a certain geographic location. In more dynamic settings like a multi-vendor, multi-radio technology IoT network deployment, this centralized approach may not work that well.

Decentralizing trust management, identity management, name resolution etc. could thus be another interesting factor towards democratizing network and application usage on the Internet. Less applications in the future may have to depend on centralized cloud services, and new players may be able to introduce innovative services. These ideas touch upon T2TRG work as well as ICN (that promote decentralized operation by itself). We are therefore kicking off a new proposed Research Group on Decentralized Internet Infrastructure in the IRTF.

Open Source and Free Software

In IoT one crucial element is the operation system platform for constrained devices. There are a few one that a freely available, and some companies have developed their own OSes, sometimes also marketed as Open Source. Open Source IOT OS software is important for two reasons: 1) For providing a platform that people can start new developments at minimal cost; and 2) For providing a platform that is reviewed and ideally governed by an open community process. If you think about security bugs/fixes, it has been demonstrated that the ability to review code and to propose changes improves the security and stability of software systems significantly compared to closed-source approaches, also with respect to agility when quick response to a new security threat is required.

Unfortunately, Open Source has become a marketing term these days, and many people confuse the availability of for-free software with Open Source. In addition to actually obtaining source code, two other important factors are licensing models and the project governance. Who actually decides about integrating proposed changes and future directions?

The RIOT OS project has developed a modern UNIX-like, very modular, very lightweight IoT OS that licensed under LGPL. The project is governed by a transparent and open community process, which has led to many useful extensions in the past, for example the addition of ICN support through integration of CCN-Lite or the addition of CAN bus functionality. RIOT’s architecture, its modularity and flexibility has led to increasing popularity and its wide availability on many different target platforms, which was demonstrated at the RIOT summit last week.

TL;DR

There is lots of activity in making the Internet better and bringing it to new places. Last week’s series of research events on IoT and ICN demonstrated new approaches towards Internet-inspired, direct communication. The most important meta aspects (in my view) are disintermediated communication, semantic interoperability, data-oriented communication and edge computing, and democratizing network operation and innovation through decentralizing communication and network infrastructure. The following sections represent my eclectic summary of theses meetings, focusing on these aspects.

IRTF Thing-to-Thing Research Group

The T2TRG meeting took place on Saturday/Sunday (September 23/24). One particular technology in T2TRG’s activities on semantic interoperability is the Constrained RESTful Application Language (CoRAL) by Klaus Hartke that “defines a data model and interaction model as well as two specialized serialization formats for the description of typed connections between resources on the Web (“links”), possible operations on such resources (“forms”), and simple resource metadata” (presentation slides from the meeting). CoRAL is essentially a constrained-environment-compatible hypermedia framework that can be used by IoT applications to discover node capabilities in a modern, flexible way.

On the topic of coordination and consensus using decentralized network infrastructure, Laura Feeney talked about “A role for higher layer protocols in mitigating wireless interference”, illustrating the use case of coordination between different (unknown) wireless networks that may compete with each other for spectrum (slides will become available here). Pekka Nikander introduced an upcoming EU H2020 project on Secure and Open Federation of IoT Systems (SOFIE) that is going to start 2018. The project plans to investigate use cases and ledger federation approaches to connect different types of IoT applications and their ledger infrastructure. I gave a talk on decentralized network infrastructure and considerations for T2T edge computing (as described earlier).

RIOT Summit 2017

The RIOT summit 2017 took place on Monday/Tuesday (September 25/26).  The keynote on Permutation-based Cryptography for the Internet of Things was presented by Gilles van Assche. The rest of the agenda was split up into topical sessions on IoT Security, Virtualization & Bootstrappping, Use Cases, and Networking. The second day featured different tutorials and coding sessions. In addition, there were many demos and posters on specific applications of RIOTs, new ideas etc.

In the Virtualization and Bootstrapping session, Marcel Enguehard talked about Cisco’s “Large-scale experiments on virtual ICN-based IoT networks with vICN“, an automated emulation platform, allowing for connecting physical devices for experiments.

In the Use Cases session, Michael Frey gave a presentation titled “Cloudy with a chance of RIOTS — Towards an Open Industrial Internet“, describing the R&D work at MSA on RIOT-based IoT appliances. In the same session,  Joern Alraun gave an introduction to the “Calliope mini“, a single-board computer for teaching. I am personally interested quite a bit in didactics of computer science (and am deploring the sad computer science education situation at most schools…).

In the Networking session, Vincent Dupont talked about “RIOT and CAN” and reported on OTAkeys’ development of a CAN implementation for RIOT (that has been integrated into the project) and its application to a commercial product related to vehicle on-board diagnosis (OBD). This resonated well with me, because I know how limited closed-source commercial OBD-2 adapters typically are, so the availability of an open platform sounds great for working with cars that use proprietary extensions etc.

Overall, the RIOT summit exhibited a vibrant community, and it was great to see an increasing number of commercial applications.

ACM ICN Conference

The ACM ICN 2017 Conference took place from Tuesday through Thursday (September 26 — 28). The first day saw three tutorials on 1) NDN, CCN-Lite, RIOT, 2) FD.io/cicn, and 3) Umobile, all of them were really well attended. The conference itself was organized into 6 technical sessions on Security, Architecture, Forwarding, Caching & Mobility, Infrastructure, and miscellaneous topics. In addition, there was a panel discussion on ICN & Operating Systems.

Jon Crowcroft presented the keynote on Private Namespaces in ICN. In his talk Jon made the connection of earlier work on reliable multicast (PGM — Pragmatic General Multicast) to ICN — both technologies can achieve scalable data distribution, albeit in different ways. He also made the connection of ICN and distributed ledger technologies (DLT) — as both technologies can be characterized as democratizing networking in their respective ways. ICN can provide a general-purpose multicast-like distribution infrastructure that can be used by anyone for any application without requiring prior contractual agreements, and DLT can be a basis for decentralized digital currencies and other ledger-based services in communication networks.

The best paper was titled “Jointly Optimal Routing and Caching for Arbitrary Network Topologies” (slides) by Stratis Ioannidis and Edmund Yeh. The paper presents polynomial time approximation algorithms for the (normally NP-hard) problem of jointly optimizing routing and caching for arbitrary topologies. This paper is noteworthy because the proposed solution can reduce routing cost in ICN dramatically, and furthermore, the work is applicable beyond ICN.

The Security session featured a paper titled “NDN DeLorean: An Authentication System for Data Archives in Named Data Networking” (slides) by Yingdi Yu, Alexander Afanasyes, Jan Seedorf, Zhiyi Zhang, and Lixia Zhang.  NDN DeLorean is  authentication framework to ensure the long-term authenticity of long-lived data, inspired by Certificate Transparency.   It is using a publicly auditable bookkeeping service approach to keep permanent proofs of data signatures and the times when the signatures were generated. I found this work interesting and important because it can provide a basis for trust management and attestation services in ICNs, with a purely data-oriented security approach.

In the Architecture session, there was a presentation of a short paper titled “Improved Content Addressability Through Relational Data Modelling and In-Network Processing Elements” (slides) by Claudio Marxer and Christian Tschudin. This work represents new ideas how relational database concepts can be applied to an ICN/NFN framework so that general-purpose processing of elements in ICN Named Data Objects becomes possible, which could be an interesting feature in NFN-based in-network computation, especially in application domains such as IoT. I found this work interesting and relevant because it can be seen as an ICN contribution to semantic interoperability, enabling application components to “talk” to each other across application silos.

The Forwarding session featured a paper titled “Path Switching in Content Centric and Named Data Networks” (slides) by Ilya Moiseenko and Dave Oran. The work described in this paper is leveraging the path symmetry in CCN/NDN for computing end-to-end label paths that can be used to steer forwarding of subsequent requests through the network. Over time, a consumer potentially different available paths for a certain prefix or set of prefixes and can then provide hints to forwarding nodes as to which particular path to use. I found this work interesting and relevant because it provides an MPLS-like functionality solely by leveraging data plane functions, i.e., unlike MPLS in IP, this approach would not need and label configuration and a corresponding control plane.

In the so-called Potpourri session, there was a presentation of a paper on ICN edge computing titled “NFaaS: Named Function as a Service” (slides) by Michael Krol and Ionnis Psaras, presenting an edge/fog computing extension to NDN that is leveraging very lightweight VMs, thus allowing dynamic code execution in a VM-based approach. Similarly to NFN, this work represents function names in Interest messages (that identify unikernel images). Some forwarding provide additional VM execution capabilities and can decide whether they want to fetch, store and execute the named images. NFaaS implements different forwarding strategies for delay-sensitive and for “bandwidth-hungry” services that can lead to different locations for the respective function execution. I found this work interesting and relevant because it proposes a framework for ICN-in network computation that enables certain useful optimizations with respect to function placement, without relying on centralized management with a  global network view.

A particular highlight of this year’s conference was the demo and poster session that featured 12 (!) demos and 13 posters, which was praised by many attendees. The best-demo award went to Nikos Fotiou, George Xylomenos, George Polyzos, Hasan Islam, Dmitrij Lagutin, and Eero Hakala for their demo on “ICN enabling CoAP Extensions for IP based IoT devices“. Another demo that impressed me was on “Panoramic Streaming using Named Tiles” by Kazuaki Ueda, Yuma Ishigaki, Atsushi Tagami and Toru Hasegawa. This demo showed how 360-degree video can be made more efficient through ICN by segmenting the video into named tiles that a consumer can request independently. A video renderer can thus request the required tiles for a particular field-of-view at a time only, thereby saving significant amount of bandwith. In conjunction with other ICN features such as caching and multipoint distribution, this approach can help to make 360-degree video much more viable in constrained networks.

Overall ACM ICN 2017 was a great research festival, and it was especially fascinating to see the all the different demos that applied ICN to a wide range of application domains, including IoT, video, tactical networks, robotics etc. I am really looking forward to ACM ICN 2018 that will be held at Northeastern University in Boston.

IRTF ICN Research Group

Finally, ICNRG had an interim meeting on Friday (September 29) that was focused on new research work and allowed a good amount of time for in-depth discussion (which is not always possible in the more rigid framework of an academic conference).

Michael Frey presented thoughts “Towards an ICN-powered Industrial IoT” and described specific requirements for MSA’s mobile safety appliances. The talk also provided some insights on the particular approach towards ICN for Industrial IoT at MSA and reported some intermediate experimentation results, for example using pub/sub communication in NDN.

Mayutan Arumaithurai and Dennis Grewe presented “Information-Centric Mobile Edge Computing for Connected Vehicle Environments: Challenges and Research Directions“. The talk featured the description of a mixed reality use case called “Electronic Horizon” for cars and a discussion of how its specific edge computing requirements can be met by ICN, pointing at interesting directions for future research.

Michael Krol talked about “Adapting ICN to Function Execution for Edge Computing” and the different research challenges he encountered such as PIT Expiry (when computations take longer…), security, authorization (for function execution), leveraging hardware-based cryptography and secure execution environments (SGX etc.).

This time, we tried a new interactive format at ICNRG which featured a panel-like discussion (with active participation from the rest of the group). The topic was “ICMP-like control-plane communication  for ICN“, following up on an earlier discussion at the last meeting and and on the mailing list. The discussion featured the following contributions:

  1. Non-Application Messages for ICN (Panel introduction by Dave Oran)
  2. Do we need an ICMP for NDN (Thomas Schmidt)
  3. Fraudulent Names (Christian Tschudin)
Full house at ICNRG when Dave Oran kicks-off a discussion in ICN control plane communication

Full house at ICNRG when Dave Oran kicks-off a discussion on ICN control plane communication

During the discussion we clarified what we mean by control messages and discussed several options for representing corresponding semantics in ICN (namespace, message types, header fields). Please consult our detailed meeting notes if you are interested in the discussion.

Bengt Ahlgren talked about “ICN Congestion Control — how to handle unknown and varying link capacity?” and kicked of a discussion on how ICN hop-by-hop congestion control should effectively work together with end-to-end (receiver-driven) congestion control.

Jacopo De Benedetto presented “Interconnection of testbeds to enable better testing” — proposing using the Geant Testbed Service (GTS) for future ICN testing.

Cenk Gündogan and Christopher Scherb provided an “update on CCN-lite and RIOT“. In 2017, the development of CCN-lite v2 has been kicked-off, with many improvements with respect to code modularity, functionality and implementation specifics. One of the planned changes is the introduction of static memory allocation which is deemed important on constrained platforms.

Cenk Gündogan also reported on his work on “CCN LoWPAN“, i.e., mapping the CCNx and NDN protocols to an IEEE 802.15.4 link layer, employing header compression for a more compact message format.

Finally, I provided a short summary of the IRTF T2TRG meeting earlier in the week (see above).

Disclaimer

I was not involved in the local meeting arrangement and general organization of these events. The heavy lifting has been done by Matthias Wählisch, Thomas Schmidt, Emmaniel Baccelli and many supporters at FU Berlin and HAW.

ChangeLog

  • 2017-10-12: Added correct link to ICNRG meeting minutes

Written by dkutscher

October 5th, 2017 at 12:13 am

Posted in Events