Dirk Kutscher

Personal web page

Archive for the ‘Events’ Category

Re-Thinking LoRaWAN

without comments

Low-power, long-range radio systems such as LoRaWAN represent one of the few remaining networked system domains that still feature a complete vertical stack with special link- and network layer designs independent of IP. Similar to local IoT systems for low-power networks (LoWPANs), the main service of these systems is to make data available at minimal energy consumption, but over longer distances. LoRaWAN (the system that comprises the LoRa PHY and MAC) supports bi-directional communication, if the IoT device has the energy budget. Application developers interface with the system using a centralized server that terminates the LoRaWAN protocol and makes data available on the Internet.

While LoRaWAN applications are typically providing access to named data, the existing LoRaWAN stack does not support this way of communicating. LoRaWAN is device-centric and is generally designed as a device-to-server messaging system – with centralized servers that serve as rendezvous point for accessing sensor data. The current design imposes rigid constraints and does not facilitate accessing named data natively, which results in many point solutions and dependencies on central server instances.

In our demo paper & presentation at ACM ICN-2020, we are therefore describing how Information-Centric Networking could provide a more natural communication style for LoRa applications and how ICN could help to conceive LoRa networks in a more distributed fashion compared to todays mainstream LoRaWAN deployments. For LoWPANs (e.g., 802.15.4 networks), ICN has already demonstrated to be an attractive and viable alternative to legacy integrated special purpose stacks – we believe that
LoRa communication provides similar opportunities.

Watch my Peter Kietzmann’s talk about it here:

Written by dkutscher

October 6th, 2020 at 10:39 pm

Posted in Events,IRTF,Projects,Talks

Tagged with , , ,

ACM ICN-2020 Highlights

without comments

ACM ICN-2020 took place online from September 29th to October 1st 2020. This is a quick summary of the main technical highlights from my personal perspective. Overall, it was a high-quality event, and it was great to see the progress that is being made by different teams. Here, I am focusing specifically on Architecture, Content Distribution, Programmability, and Performance. If you are interested in the complete program, all papers, presentation material, and presentation videos are available on the conference website.

Architecture

The Information-Centric Networking concept can be implemented in different ways (and some people would argue that some overlay systems for content distribution and data processing are essentially information-centric). ICN systems have often been associated with clean-slate approaches, requiring difficult to imagine fork-lift replacement of larger parts of the infrastructure. While this has never the case (because you can always run ICN protocols over different underlays or directly map the semantics to IPv6), it is still interesting to learn about new approaches and to compare existing data-oriented frameworks to pure ICN systems.

Named-Data Transport

In their paper Named-Data Transport: An End-to-End Approach for an Information-Centric IP Internet (Presentation) Abdulazaz Albalawi and J. J. Garcia-Luna-Aceves have developed an alternative implementation of the accessing named data concept called Named-Data Transport (NDT) that can leverage existing Internet routing and DNS, while still providing the general properties (accessing named-data securely, in-network caching, receiver-driven operation).

The system is based on three components: 1) A connection-free reliable transport protocol, called Named Data Transport Protocol (NDTP), 2) a DNS extension (my-DNS) for manifest records that describe content items and their chunks, and 3) NDT Proxies that act as transparent caches and that track pending requests, similar to ICN forwarders, but at the transport layer.

In NDT, content names are based on DNS domain names, and each name is mapped to an individual manifest record (in the DNS). These records provide a mapping to a list of IP addresses hosting content replicas. When requesting such records, the idea is that the system would be able apply similar traffic steering as today’s CDNs, i.e., provide the requestor with a list of topologically close locations. Producers would be responsible for producing and publishing such manifests.

The Named Data Transport Protocol (NDTP) is a receiver-driven transport protocol (on top of UDP) used by consumers and NDT Proxies which behave logically like ICN forwarders. There is more to the whole approach (such as security, name privacy etc.).

In my view, NDT is an example of a resolution-based ICN system with interesting ideas for deployability. In principle, resolution-based ICN has been pursued by other approaches before (such as NetInf). In general, these systems have a better initial deployment story at the cost of requiring additional infrastructure (and resolution steps during operation.)

RESTful Information-Centric Web of Things

In the Internet of Things, ICN has demonstrated many benefits in terms of reduced code complexity, better data availability, and reduced communication overhead compared to many vertically integrated IoT stacks and location/connection-based protocols.

In their paper Toward a RESTful Information-Centric Web of Things: A Deeper Look at Data Orientation in CoAP (presentation), Cenk Gündoğan, Christian Amsüss, Thomas C. Schmidt, and Matthias Wählisch compare a CoAP and OSCORE (Object Security for Constrained RESTFul Environments) based network of CoAP clients, servers, and proxies with a corresponding NDN setup.

The authors investigated the possibility of building a restful Web of Things that adheres to ICN first principles using the CoAP protocol suite (instead of a native ICN protocol framework). The results showed, since CoAP is quite modular and can be used in different ways, this is indeed possible, if one is willing to give up strict end-to-end semantics and to introduce proxies that mimic ICN forwarder behavior. (The paper reports on many other things, such as extensive performance measurements and comparisons.)

In my view, this is an interesting Gedankenexperiment, and there was a lively discussion at the conference. One of the discussion topics was the question how accurate the comparison really is. For example, while is is possible to construct a CoAP proxy chain that mimics ICN behavior, real-world scenarios would require additional functionality in the CoAP network (routing, dealing with disruptions etc.) that might lead to a different level of complexity (that would possibly be less pronounced in an native ICN environment).

Still, the important take-away of this paper is that some applications of CoAP & OSCORE exhibit information-centric properties, and it is an interesting question whether, for a green-field deployment, the user would not be better served by a native ICN approach.

Content Distribution

Content Distribution and ICN have a long history, sometimes challenged by some misunderstandings. Because one of the early ICN approaches was called Content-Centric Networking (CCN), it was often assumed that ICN would disrupt or replace Content Distribution Networks (CDNs) or that it was a CDN-like technology.

While ICN will certainly help with large-scale content distribution and potentially also change/simplify CDN operations, the core idea is actually about accessing named data securely as a principal network service — for all applications (that’s why Named Data Networking — NDN — is a better name).

Managed content distribution as such will continue to be important, even in an ICN world. Surely, it will enjoy better support from the network as today’s CDN can expect, thus enabling new exciting applications and simplifying operations, but I prefer avoiding the notion of ICN replacing CDN.

When looking at actual networks and applications today, it is fair to say that almost nothing works without CDN. What we are seeing today is hyperscalers and essentially all the (so-called) OTT video providers extending their systems into ISP networks, by simply shipping standalone edge caches such as Netflix OCA servers as standalone systems to ISPs.

Each of these providers have their own special requirements of how to map customers to edge caches, how to implement traffic steering etc, which is painful enough for operators already. I expect this to become even more pressing as we shift more and more linear live TV to the Internet. Flash-crowd audiences such as viewers of UEFA Champions’ League matches will require a massive extension of the already extensive edge caching infrastructure and require massive investments but also significant complexity with respect to traffic steering and guaranteeing a decent viewing experience.

In that context, it is no wonder that people try to resort to IP-Multicast for ensuring a more scaleable last-mile distribution such as this proposal by Akamai and others. Marrying IP-Multicast with a CDN-overlay is (IMO) not exactly complexity reduction, so I think we are now at a tipping point where the Internet in terms of concepts and deployable physical infrastructure can provide many cool services, but where the limited features of the network layers requires a prohibitive amount of complexity — to an extend where people start looking for better solutions.

At ICN-2020, CDN was thus discussed quite extensively again — with many interesting, complementary contributions.

Keynote by Bruce Maggs on The Economics of Content Distribution

We were extremely happy to have Bruce Maggs (Emerald Innovations, on leave from Duke University, ex NEC researcher, one of the founding employees of Akamai) delivering his keynote on the Economics of Content Delivery. In his talk Bruce explained different economic aspects (flow of payments, cost of goods sold) but also challenges for different CDN services such as live-streaming.

The take-aways for ICN were:

  • Incentives and cost must be aligned
  • Performance benefits from caching
    • Reducing latency is valuable to content providers
    • Reducing network is valuable to ISPs.
  • If there was caching at the core (in addition to the edge)
    • What is the additional benefit?
    • Who pays for that?
  • Protocol innovation is still possible
    • In the past, people thought that HTTP/TLS/TPC/IP is difficult to overcome
    • QUIC demonstrates that new protocols can be introduced

The socio-economic discussion resonated quite well with me, as some of earlier ICN projects in Europe tried to address these aspects relatively early in 2008. I believe this was due to the operator and vendor influence at the time. In retrospect, I would say that the approaches at that time were possibly too much top-down and premature (trying to revert value chains and find new business models). It is only now that we understand the economics of CDN, its complexity and real cost that (in my view) represent barriers to innovation — and that we can start to imagine actually implementing different systems.

Far Cry: Will CDNs Hear NDN’s Call?

In their paper Far Cry: Will CDNs Hear CDN’s Call? (presentation), Chavoosh Ghasemi, Hamed Yousefi, and Beichuan Zhang tried to compare NDN with enterprise CDN (a particular variant of CDN) with respect to caching and retrieval of static contents.

In their work, the authors deployed an adaptive video streaming service over three different networks: Akamai, Fastly, and the NDN testbed. They had users in four different continents and conducted a two-week experiment, comparing Quality of Experience, Origin workload, failure resiliency, and content security.

I cannot summarize of all of the results here, but the conclusions by the authors were:

  • CDNs outperform the current NDN testbed deployment in terms of QoE (achievable video resolution in a DASH-setting)
  • Origin workload and failure resiliency are mainly the products of the network design — and the NDN testbed outperforms current CDNs
  • More as an interpretation: NDN can realize a resilient, secure, and scalable content network given appropriate software and protocol maturity and hardware resources.

The paper was discussed intensively at the conference , for example, it was debated how comparable the plain NDN testbed and its network service really are — to a production-level CDN.

In my view, the value of this paper lies in the created experiment facilities and the attempt to establish some ground truth (based on current NDN maturity). I hope that this work can leverage by more experiments in the future.

iCDN: An NDN-based CDN

In their paper iCDN: An NDN-based CDN (presentation), Chavoosh Ghasemi, Hamed Yousefi, and Beichuan Zhang (i.e., the same authors), pursue a more forward-looking approach. In this paper, they develop a CDN service based on ICN mechanisms, i.e., trying to conceive a future CDN system that does not need to take the current network’s limitations into account.

One of the interesting ICN properties is that the main service of accessing named data does not require any notion of location. Sometimes people assume that an Information-Centric system always needs to map names to locators such as IP addresses, but this is a really limited view. Instead, it is possible to build the network solely on forwarding INTERESTs for named data based on forwarding information of that same namespace. A forwarder may have more than forwarding info base entry for the same name — from a consumer (application) perspective these are completely equivalent.

Because of intrinsic object security, it does not matter from which particular host a content object is served. There can be several copies — all equivalent. When creating copies of original content, e.g., by cloning a data repository, the new copy needs to be announced (by injecting routing information) , and from that point on, it is reachable without any additional management, configuration or other out-of-band mechanisms.

When applying this notion to CDN scenarios, it is easy to understand the simplification opportunities. In ICN, content repositories can be added to the network, and in-network name-based forwarding will find the closest copy automatically.

For iCDN, the authors have leveraged this basic notion and built an ICN-based CDN that does not need any client-to-cache mapping and overlay routing mechanisms. Based on that, iCDN features logical partitions and cache hierarchies for content namespaces (for acknowledging that there may be different CDN providers, hosting different content services).

iCDNs employ cache hierarchies to exploit on-path and off-oath caches without relying on application-layer routing functions. The idea was to provide a scalable, adaptive solution that can cope with dynamic network changes as well as dynamic changes in content popularity.

There are more details to this approach, and of course the debate on what is the best ICN-based CDN design has just started. Still, this paper is an interesting contribution in my view, because it illustrates the opportunities for rethinking CDN nicely.

Programmability

Programmability and ICN has two facets: 1) Implementing distributed computing with ICN (for example as in CFN — Compute-First Networking) and 2) implementing ICN with programmable infrastructure. ACM ICN-2020 has seen contributions in both directions.

Result Provenance in Named Function Networking

In their paper Result Provenance in Named Function Networking (presentation), Claudio Marxer and Christian Tschudin have leveraged their previous work on Named Function Networking (NFN) and developed a result provenance framework for distributed computing in NFN.

In this work, the authors augmented NFN with a data structure that creates transparency of the genesis of every evaluation results so that entities in the system can ascertain result provenance. The main idea is the introduction of so-called provenance records that capture meta data about the genesis of the computation result. The paper discusses integration of these records into NDN and procedures for provenance checks and trust computation.

In my view, the interesting contribution of this work is the illustration of how the general concept of provenance verification can be implemented in a data-oriented system such as the ICN-based Named Function Networking framework. The results may be (so some extend) to other ICN-based in-network computing systems, so I hope this paper will start a thread of activities on this subject.

ENDN: An Enhanced NDN Architecture with a P4-programmable Data Plane

In their paper ENDN: An Enhanced NDN Architecture with a P4-programmable Data Plane (presentation), Ouassim Karrakchou, Nancy Samaan, and Ahmed Karmouch present an NDN system that is implemented in a P4-programmable data plane, i.e., a system in which applications can interact with a control plane that configures the data plane according to the required services.

The work in this paper is based on the notion that applications specify their content delivery requirements to the network, i.e., the control plane of a network. The control plane provide a catalogue of content delivery services, which are then translated into data plane configurations that ultimately get installed on P4 switches.

Examples of such services include Content Delivery Pattern services (whether the system is based on INTEREST/DATA or some stateful data forwarding), Content Name Rewrite services (enabling the network to rewrite certain names in INTERESTs), Adaptive Forwarding services (next-hop selection) etc.

In my view, this paper is interesting because it provides a relatively advanced perspective of how applications specify required behavior to a programmable ICN network. Moreover, the authors implemented this successfully on P4 switches and described relevant lessons learned and achievements in the paper.

Performance

Performance has historically always been an interesting topic in ICN. On the one hand, ICN provides substantial performance increases in the network due to its forwarding and caching features. On the other hand, it has been shown that implementing an ICN forwarder that operates at modern network line-speeds is challenging.

NDN-DPDK: NDN Forwarding at 100 Gbps on Commodity Hardware

In their paper NDN-DPDK: NDN Forwarding at 100 Gbps on Commodity Hardware (presentation), Junxiao Shi, Davide Pesavento, and Lotfi Benmohamed present their design of a DPDK-based forwarder.

The authors have developed a complete NDN implementation that runs on real hardware and that supports the complete NDN protocol and name matching semantics.

This work is interesting because the authors describe the different optimization techniques including better algorithms and more efficient data structures, as well as making use of the parallelism offered by modern multi-core CPUS and multiple hardware queues with user-space drivers for kernel-bypass.

This work represents the first software forwarder implementation that is able to achieve 100 Gpbs without compromises in NDN protocols semantics. The authors have published the source at https://github.com/usnistgov/ndn-dpdk.

Written by dkutscher

October 4th, 2020 at 12:28 am

Posted in Events

Tagged with ,

Keynote at IEEE HotICN-2019

without comments

I had the pleasure of being invited for a keynote at IEEE HotICN-2019 in Chongqing. I talked about key ICN properties (from my perspective), about general research areas, and three specific topics: Quality of Service, Forwarding Plane Interaction with the Routing System and Applications, and In-Network Computing.

HotICN-2019

Written by dkutscher

December 16th, 2019 at 9:47 pm

Posted in Events

Tagged with , , , ,

ACM CoNEXT Workshop on Emerging In-Network Computing Paradigms (ENCP)

without comments

Edge- and, more generally, in-network computing is receiving a lot attention in research and industry fora. The ability to decentralize computing, to achieve low latency communication to distributed application logic, and the potential for privacy-preserving analytics are just a few examples that motivate a new approach for looking at computing and networking.

What are the interesting research questions from a networking and distributed computing perspective? In-network computing can be conceived in many different ways – from active networking, data plane programmability, running virtualized functions, service chaining, to distributed computing. What abstractions do we need to program, optimize, and to manage such systems? What is the relationship to cloud networking?

These questions will be discussed at the first workshop on Emerging In-Network Computing (ENCP) that takes place at ACM CoNEXT-2019 on December 9th in Orlando.

We have received many interesting submission and were able to put together a really interesting program that covers both Network Programmability and In-Network Computing Architectures and Protocols. Check out the full program here.

Many thanks to my co-organizers Spyros Mastorakis and Abderrahmen Mtibaa, to our steering committee members Jon Crowcroft, Satyajayant (Jay) Misra, and Dave Oran, and to our great Technical Program Committee for putting this together.

Links

Written by dkutscher

December 5th, 2019 at 8:24 am

ACM ICN-2019 Highlights

without comments

ACM ICN-2019 took place in the week of September 23 in Macau, SAR China. The conference was co-located with Information-Centric-Networking-related side events: the TouchNDN Workshop on Creating Distributed Media Experiences with TouchDesigner and NDN before and an IRTF ICNRG meeting after the conference. In the following, I am providing a summary of some highlights of the whole week from my (naturally very subjective) perspective.

University of Macau — the ICN-2019 Venue

Applications

ICN with its accessing named data in the network paradigm is supposed provide a different, hopefully better, service to application compared to the traditional stack of TCP/IP, DNS and application-layer protocols. Research in this space is often addressing one of two interesting research questions: 1) What is the potential for building or re-factoring applications that use ICN and what is the impact on existing designs; and 2) what requirements can be learned for the evolution of ICN, what services are useful on top of an ICN network layer, and/or how should the ICN network layer be improved.

Network Management

The best paper at the conference on Lessons Learned Building a Secure Network Measurement Framework using Basic NDN by Kathleen Nichols took the approach of investigating how a network measurement system can be implemented without inventing new features for the NDN network layer. Instead, Kathleen’s work explored the features and usability support mechanisms that would be needed for implementing her Distributed Network Measurement Protocol (DNMP) in terms of frameworks and libraries leveraging existing NDN. DNMP is secure, role-based framework for requesting, carrying out, and collecting measurements in NDN forwarders. As such it represents a class of applications where applications both send and receive data that is organized by hierarchical topics in a namespace which implies a conceptual approach where applications do not (want to) talk to specific producers but are really operating in an information-centric style.

Communication in such a system involves one-to-many, many-to-one, and any-to-any communications about information (not data objects hosted at named nodes). DNMP employs a publish/subscribe model inspired by protocols such as MQTT where publishers and subscribers communicate through hierarchically structured topics. Instead of existing frameworks for data set reconciliation, with DNMP work includes the development of a lightweight pub/sub sync protocol called syncps that uses Difference Digests, solving the multi-party set reconciliation problem with prior context.

In a role-based system such as DNMP that uses secure Named-Data-based communication, automating authentication and access control is typically a major challenge. DNMP leverages earlier work on Trust Schema but extends this by a Versatile Security Toolkit (VerSec) that integrates with the transport framework to simplify integration of trust rules. VerSec is about to be released under GPL.

I found this paper really interesting to read because it is a nice illustration of what kind of higher layer services and APIs non-trivial application require. Also, the approach of using the NDN network layer as is but implementing additional functionality as libraries and frameworks seems promising with respect to establishing a stable network layer platform where innovation can happen independently on top. Moreover, the paper embraces Information-Centric thinking nicely and demonstrates the concept with a relevant application. Finally, I am looking forward to see the VerSec software which could make it easier for developers to implement rigorous security and validation in the applications.

Distributed Media Experiences

Jeff Burke and Peter Gusev organized the very cool TouchNDN workshop on Creating Distributed Media Experiences with TouchDesigner and NDN at the School of Creative Media at the City University of Hong Kong (summary presentation). The background is that video distribution/access has evolved significantly from linear TV broadcast to todays applications. Yet, many systems still seem to be built in a way that optimizes for linear video streaming to consumer eye balls, with a frame sequence abstraction.

Creative media applications such as Live Show Control (example) exhibit a much richer interaction with digital video, often combing 3D modelling with flexible, non-sequential access to video based on (for example) semantics, specific time intervals, quality layers, or spatial coordinates.

Touchdesigner used for sound reactive 3D object and for mixing a video loop

Combine this with dynamic lightning, sound control and instrumentation of theater effects, and you get an idea of an environment where various pieces of digital media are mixed together creatively and spontaneously. Incidentally, a famous venue for such an installation is the Spectacle at MGM Cotai, close to the venue of ACM ICN-2019 in Macau.

The Spectacle at MGM Cotai – Creative Overview

Derivative’s TouchDesigner is a development platform for such realtime user experiences. It is frequently used for projection mapping, interactive visualization and other applications. The Center for Research in Engineering, Media and Performance (REMAP) has developed an integration of NDN with TouchDesigner’s realtime 3D engine via the NDN-Common-Name-Library stack as a platform for experimenting with data-centric media. The objective is to provide a more natural networked media platform that does not have to deal with addresses (L2 or L3) but enables applications to publish and request media assets in namespaces that reflect the structure of the data. Combing this with other general ICN properties such as implicit multicast distribution and in-network caching results in a much more adequate platform for creating realtime multimedia experiences.

The TouchNDN workshop was one of REMAP’s activities on converging their NDN research with artistic and cultural projects, trying to get NDN out of the lab and into the hands of creators in arts, culture, and entertainment. It is also an eye-opener for the ICN community for learning about trends and opportunities in real-time rendering and visual programming which seems to bear lots of potential for innovation — both from the artistic as well as from the networking perspective.

Personally, I think it’s a great, inspiring project that teaches us a lot about more interesting properties and metrics (flexible access, natural APIs, usability, utility for enabling innovations) compared to the usual quantitative performance metrics from the last century.

Inter-Server Game State Synchronization

Massive Multiplayer Online Role-Playing Games (MMORPGs) allow up to thousands of players to play in the same shared virtual world. Those worlds are often distributed on multiple servers of a server cluster, because a single server would not be able to handle the computational load caused by the large number of players interacting in a huge virtual world. This distribution of the world on a server cluster requires to synchronize relevant game state information among the servers. The synchronization requires every server to send updated game state information to the other servers in the cluster, resulting in redundantly sent traffic when utilizing current IP infrastructure.

In their paper Inter-Server Game State Synchronization using Named Data Networking Philipp Moll, Sebastian Theuermann, Natascha Rauscher, Hermann Hellwagner, and Jeff Burke started from the assumption that ICN’s implicit multicast support and the ability to to decouple the game state information from the producing server could reduce the amount of redundant traffic and also help with robustness and availability in the presence of server failures.

They built a ICNified version of Minecraft and developed protocols for synchronizing game state in a server cluster over NDN. Their evaluation results indicated the benefits on an ICN-based approach for inter-server game state synchronization despite larger packet overheads (compared to TCP/IP). The authors made all their artefacts required for reproducing the results available on github.

Panel on Industry Applications of ICN

I had the pleasure of moderating a panel on industry applications of ICN, featuring Richard Chow (Intel), Kathleen Nichols (Pollere Inc.), and Kent Wu (Hong Kong Applied Science and Technology Research Institute). Recent ICN research has produced various platforms for experimentation and application development. One welcome development consists of initial ICN deployment mechanisms that do not require a forklift replacement of large parts of the Internet. At the same time, new technologies and use cases, such as edge computing, massively scalable multiparty communication, and linear video distribution, impose challenges on the existing infrastructure. This panel with experts from different application domains discussed pain points with current systems, opportunities and promising results for building specific applications with ICN, and challenges, shortcomings, and ideas for future evolution of ICN.

What was interesting to learn was how different groups pick up the results and available software to build prototypes for research and industry applications and what they perceive as challenges in applying ICN.

Decentralization

Growing concerns about centralization, surveillance and loss of digital sovereignty are currently fuelling many activities around P2P-inspired communication and storage networks, decentralized web (“web3”) efforts as well as group such as the IRTF Research Group on Decentralized Internet Infrastructure (DINRG). One particular concern is the almost universal dependency on central cloud platforms for anchoring trust in applications that are actually of a rather local nature such as smart home platforms. Since such platforms often entail rent-seeking or surveillance-based business models, it is becoming increasingly important to investigate alternatives.

NDN/CCN-based ICN with its built-in PKI system provides some elements for an alternative design. In NDN/CCN it is possible to set up secure communication relationships without necessarily depending on third-party platforms which could be leveraged for more decentralized designs of IoT systems, social media and many other applications.

Decentralized and Secure Multimedia Sharing

A particularly important application domain is multimedia sharing where surveillance and manipulation campaigns by the dominant platforms have led to the development of alternative federated social media applications such as Mastodon and Diaspora. In their paper Decentralized and Secure Multimedia Sharing Application over Named Data Networking Ashlesh Gawande, Jeremy Clark, Damian Coomes, and Lan Wang described their design and implementation of npChat (NDN Photo Chat), a multimedia sharing application that provides similar functionality as today’s media-sharing based social networking applications without requiring any centralized service providers.

The major contributions of this work include identifying the specific requirements for a fully decentralized application, and designing and implementing NDN-based mechanisms to enable users to discover other users in the local network and through mutual friends, build friendship via multi-modal trust establishment mirrored from the real world, subscribe to friends’ multimedia data updates via pub-sub, and control access to their own published media.

This paper is interesting in my view because it illustrates the challenges and some design options nicely. It also suggests further research in terms of namespace design, name privacy and trust models. The authors developed an NDN-based prototype for Android systems that is supposed to appear on the Android Play store soon.

Exploring the Relationship of ICN and IPFS

We were happy to have David Dias, Adin Schmahmann, Cole Brown, and Evan Miyazono from Protocol Labs at the conference who held a tutorial on IPFS that also touched upon the relationship of IPFS and some ICN approaches.

Protocol Lab’s InterPlanetary File System (IPFS) is a peer-to-peer content-addressable distributed filesystem that seeks to connect all computing devices with the same system of files. It is an opensource community-driven project, with reference implementations in Go and Javascript, and a global community of millions of users. IPFS resembles past and present efforts to build and deploy Information-Centric Networking approaches to content storage, resolution, distribution and delivery. IPFS and libp2p, which is the modular network stack of IPFS, are based on name-resolution based routing. The resolution system is based on Kademlia DHT and content is addressed by flat hash-based names. IPFS sees significant real-world usage already and is projected to become one of the main decentralised storage platforms in the near future. The objective of this tutorial is to make the audience familiar with IPFS and able to use the tools provided by the project for research and development.

Interestingly IPFS bear quite some similarities with earlier ICN systems such as NetInf but is using traditional transport and application layer protocols for the actual data transfer. One of the interesting research questions in that space are how IPFS system could be improved with today’s ICN technology (as an underlay) but also how the design of a future IPFS-like system could leverage additional ICN mechanisms such as Trust Schema, data set reconciliation protocols, and remote method invocation. The paper Towards Peer-to-Peer Content Retrieval Markets: Enhancing IPFS with ICN by Onur Ascigil, Sergi Reñé, Michał Król et al. explored some of these options.

IoT

IoT is one of the interesting application areas for ICN, especially IoT in constrained environments, where the more powerful forwarding model (stateful forwarding and in-network caching) and the associated possibility for more fine-grained control of storage and communication resources incurs significant optimization potential (which was also a topic at this year’s conference).

QoS Management in Constrained NDN Networks

Quality of Service (QoS) in the IP world mainly manages forwarding resources, i.e., link capacities and buffer spaces. In addition, Information Centric Networking (ICN) offers resource dimensions such as in-network caches and forwarding state. In constrained wireless networks, these resources are scarce with a potentially high impact due to lossy radio transmission. In their paper Gain More for Less: The Surprising Benefits of QoS Management in Constrained NDN Networks Cenk Gündoğan, Jakob Pfender, Michael Frey, Thomas C. Schmidt, Felix Shzu-Juraschek, and Matthias Wählisch explored the two basic service qualities (i) prompt and (ii) reliable traffic forwarding for the case of NDN. The resources that were taken into account are forwarding and queuing priorities, as well as the utilization of caches and of forwarding state space. The authors treated QoS resources not only in isolation, but also correlated their use on local nodes and between network members. Network-wide coordination is based on simple, predefined QoS code points. The results indicate that coordinated QoS management in ICN is more than the sum of its parts and exceeds the impact QoS can have in the IP world.

What I found interesting about his paper is the validation in real-world experiments that demonstrated impressive improvements, based on the coordinated QoS management approach. This work comes timely considering the current ICN QoS discussion in ICNRG, for example in draft-oran-icnrg-qosarch. Also, the authors made their artefacts available on github for enabling reproducing their results.

How Much ICN Is Inside of Bluetooth Mesh?

Bluetooth mesh is a new mode of Bluetooth operation for low-energy devices that offers group-based publish-subscribe as a network service with additional caching capabilities. These features resemble concepts of information-centric networking (ICN), and the analogy to ICN has been repeatedly drawn in the Bluetooth community. In their paper Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann, Cenk Gündoğan, Thomas C. Schmidt, and Matthias Wählisch compared Bluetooth mesh with ICN both conceptually and in real-world experiments. They contrasted both architectures and their design decisions in detail. They conducted experiments on an IoT testbed using NDN/CCNx and Bluetooth Mesh on constrained RIOT nodes.

Interestingly the authors found that the implementation of ICN principles and mechanisms in Bluetooth Mesh is rather limited. In fact, Bluetooth Mesh performs flooding without content caching and merely using the equivalent of multicast addresses as a surrogate for names. Based on these findings, the authors discuss options of how ICN support for Bluetooth could or should look like, so the paper is interesting both for understanding the actual working of Bluetooth Mesh as well as for ideas for improving Bluetooth Mesh. The authors made their artefacts available on github for enabling reproducing their results.

ICN and LoRa

LoRa is an interesting technology for its usage of license-free sub-gigahertz spectrum and bi-directional communication capabilities. We were happy to have Kent Wu and Xiaoyu Zhao from ASTRI at the conference and the ICNRG meeting who talked about their LoRa prototype development for a smart metering system for water consumption in Hong Kong. In addition to that, the ICNRG also discussed different options for integrating ICN and LoRa and got an update by Peter Kietzmann on the state of LoRa support in the RIOT OS. This is an exciting area for innovation, and we expect more work and interesting results in the future.

New Frontiers

Appying ICN to big data storage and processing and to distributed computing are really promising research directions that were explored by papers at the conference.

NDN and Hadoop

The Hadoop Distributed File System (HDFS) is a network file system used to support multiple widely-used big data frameworks that can scale to run on large clusters. In their paper On the Power of In-Network Caching in the Hadoop Distributed File System Eric Newberry and Beichuan Zhang evaluate the effectiveness of using in-network caching on switches in HDFS- supported clusters in order to reduce per-link bandwidth usage in the network.

They discovered that some applications featured large amounts of data requested by multiple clients and that, by caching read data in the network, the average per-link bandwidth usage of read operations in these applications could be reduced by more than half. They also found that the choice of cache replacement policy could have a significant impact on caching effectiveness in this environment, with LIRS and ARC generally performing the best for larger and smaller cache sizes, respectively. The authors also developed a mechanism to reduce the total per-link bandwidth usage of HDFS write operations by replacing write pipelining with multicast.

Overall, the evaluation results are promising, and it will be interesting to see how the adoption of additional ICN concepts and mechanisms and caching could be useful for big data storage and processing.

Compute-First Networking

Although, as a co-author, I am clearly biased, I am quite convinced of the potential for distributed computing and ICN that we described in a paper co-authored by Michał Król, Spyridon Mastorakis, David Oran, and myself.

Edge- and, more generally, in-network computing is receiving a lot attention in research and industry fora. What are the interesting research questions from a networking perspective? In-network computing can be conceived in many different ways – from active networking, data plane programmability, running virtualized functions, service chaining, to distributed computing. Modern distributed computing frameworks and domain-specific languages provide a convenient and robust way to structure large distributed applications and deploy them on either data center or edge computing environments. The current systems suffer however from the need for a complex underlay of services to allow them to run effectively on existing Internet protocols. These services include centralized schedulers, DNS-based name translation, stateful load balancers, and heavy-weight transport protocols.

Over the past years, we have been working on alternative approaches, trying to find ways for integrating networking and computing in new ways, so that distributed computing can leverage networking capabilities directly and optimize usage of networking and computing resources in a holistic fashion. Here is a summary of our latest paper.

Written by dkutscher

October 4th, 2019 at 12:33 am

Posted in Events

Tagged with , , , ,

Edgy with a Chance of RIOTs

without comments

Report from IRTF T2TRG Meeting, RIOT Summit, ACM ICN Conference, and IRTF ICNRG Meeting

 

 

Berlin saw a remarkable series of research, coding, demonstration and open discussion events on the Internet of Things and Information-Centric Networking last week. It brought together an interesting mix of researchers, developers, entrepreneurs and thought leaders, which facilitated making real progress and moving the needle in next-generation networking for IoT, edge computing and decentralized operations. In my view the whole setup (although demanding in terms of commitment by organizers and participants) can likely serve as a prototype for future un-conference (and un-standards-meeting) events that want to put emphasis on constructive discussions and progress making instead of paper publication and marketing. For those who have been unlucky to miss it, I have written this (eclectic) summary (please refer to the respective events’ web pages for a complete view). Also note, I am not speaking for the organizers of the different events.

Introduction & Executive Summary

The Internet of Things, Edge Computing, Virtual/Augmented/Mixed Reality are popular buzzwords in the networking industry and academic community. Unfortunately, the popularity and the associated revenue expectations often lead to proposed solutions that try to leverage (often failed) foundations from related domains (e.g., the telco area), that compromise on security and performance and that lead to complex point-solutions. For example, in IoT, past experience in factory automation, home networking etc. have led to the popular assumption that most IoT networks will be built with the notion of a gateway that connects controllers, sensors on different incompatible fieldbus networks to cloud backends, employing significant translation magic to enable connectivity and semantic interoperability. People often use the term convergence to describe the fact that a zoo of different technologies will be integrated in such frameworks.

Converting to Internet Technologies

However, the Internet research and technology development community has demonstrated before (when multi-media real-time communication made telephony just another service on the Internet) that conversion (not convergence) is what actually creates an interoperable and extensible set of technologies. In IoT, protocols such as 6lowpan (IPv6 over Low power WPAN) and CoAP (Constrained Application Protocol) are enabling an efficient, secure, end-to-end communication service for the Internet-of-Things, where the Internet does not necessarily terminate at a predefined gateway. Instead, the Internet communication semantics can be extended to constrained devices — providing one stable platform of communication, obsoleting a lot of cruft that current IoT “industry standards” represent.

Semantic Interoperability

Beyond the fundamental connectivity layer, it is important to agree on they way Things in the IoT actually interact with one another, i.e., request-response type of interaction, publish-subscribe, RESTfulness, group communication etc. CoAP enables different interaction types on a Thing-to-Thing-based communication model. But when you compose/deploy/re-program IoT networks, how do you actually know how to communicate with your Things? How do you learn about available resources and the correct way to interact with them? How do Things and their users understand the physical-world effects, and, finally, how can you (reliably and securely) create larger applications that leverage Things in the IoT?

There are different approaches for describing and discovering resources. In the age of Service-Oriented-Architectures, people came up with resource description frameworks etc., enabling a first level of semantic interoperability. In the IRTF Thing-to-Thing Research Group (T2TRG), we are trying to find a sweet-spot between expressiveness, simplicity and flexibility with respect of re-using and re-combining resources for new purposes. This work is leveraging ideas from the web (hypermedia in general) so that “simple things should be simple; complex things should be possible”. Information-Centric Networking (ICN) also has a relation to semantic interoperability — I will talk more about it when summarizing the ICN conference below.

Data-Oriented Networking and Forwarding Abstractions

In IoT most interactions are actually not about sending bits from host A to host B — most often, we are interested in accessing names resources such as sensor readings, the result of an actuation request — regardless of network and host addresses. Similar considerations apply to other applications, too — for example web applications, video streaming and virtual reality. Realizing these applications today requires a stack of overlays for secure communication (server authentication and confidentiality through TLS), storage for resource sharing and latency reduction (CDN), and application-specific in-network processing (for example, routing IoT data to intended and authorized consumers).

In more advanced and/or challenging network scenarios such as multipath communication or data sharing in the IoT, the trade-offs that the traditional overlay approach requires are becoming increasingly painful. For example, TLS-based connection-oriented security may be a good approach for tele-banking, but it clearly gets into the way when we want to communicate in dynamic environments (with changing IP addresses etc.) or when we want to disseminate and consumer data from multiple producers securely in the IoT.

Being able to access named data regardless of current node addresses is a concern in more traditional frameworks such as CoAP, too. ICN addresses this by providing access to named (and authenticated) data as a first-order service. The network relies on named data access on the Internet layer, so that security (name-content binding, access control, confidentiality) does not depend on from where a particular data object has been retrieved. Obviously, this can facilitate communication in dynamic network topologies (mobility, disruptions) as well as enhance efficiency and reliability (caching) and is thus attractive for IoT but also for most other application domains.

The way that ICN implements the accessing-named-data service on the Internet layer enables peers and intermediary nodes to support forwarding and effective data dissemination in a network. For example, compared to IP, a router has slightly more visibility of request-response latency and data availability (potentially per name prefix) which can inform queue management, forwarding behavior and caching strategies. This is the basis for better transport performance in more conventional networks. In IoT, an enabled forwarding layer can help to optimize data availability in the presence of disruptions, power-saving and improve mesh network routing by leveraging information about data interest at certain parts of the network.

Because ICN can enable application-independent in-network caching directly on the Internet layer (as opposed to on the application layer as CDNs do) you can also characterize ICN as a democratizing technology: it enables data production and efficient sharing over the network by everyone and for any application — without requiring permissions from ISPs or contracts with CDN providers.

Regardless of ICN or any other technology, the technical question is “what is an appropriate forwarding abstraction?”  — for the new Internet that includes the IoT and other domains. From an Internet perspective, it would certainly be good if one could find a suitable comprise and arrive at a functionality set that is as powerful as needed — but not too powerful in terms of requiring application-specific knowledge and functionality at too many places in the network to be useful. To that end, ICN is inspired by IP and provides a minimal thin-waist (in the Internet stack hour glass model) but provides more functionality for in-network forwarding and caching strategies.

The ICN Conference and the ICNRG meeting last week discussed technical aspects of applying this technology to different application domains such as IoT: how to automate trust management, how to map ICN protocols efficiently to lower layer protocols such as IEEE 802.15.4, how to manage/bootstrap such networks securely, and how use the ICN protocol semantics for IoT use cases, for example asynchronous data generation.

Edge Computing

Edge Computing is becoming increasingly popular these days, and there are many good reasons to rethink current cloud-centric compute service architectures. For example, in industrial IoT, there are strong trust-sensitivity reasons for not shoveling all data to the cloud by default for processing and redistribution. Instead the data needs to be processed, potentially stored and shared close to the producers and consumers in an industrial IoT network. Or, as another example, infrastructure support for Virtual Reality  has low-latency requirements that mandate placing the compute function close to the display device.

There are different ways to do edge computing though — some approaches can be seen as extending today’s cloud infrastructure to the edge — to so-called edge gateways or to multi-tiered arrangements of compute platforms (fog computing). Also, popular CDN platforms provide some form of in-network computation already, so it seems attractive to extend these platforms to the edge.

From an Internet technology perspective, it is important to understand the implications of different architecture with respect to security and privacy (does edge computing mean we have to entrust unknown proxies to intercept our communication sessions?), permissionless innovation (can anyone run distributed computations in the network, or do you have to be a big content/service provider?), and generality (if edge computing means shipping VMs images to edge gateways, what about constrained networks/platforms?).

In the Thing-to-Thing context, we are discussing options for light-weight in-network computing that does not necessarily have to rely on an ossified architecture of constrained IoT network, edge gateway, and cloud backend. Similarly to thing-to-thing communication, would it be possible to design IoT edge computing in a way that allows some nodes in the network to offer compute services for other (possibly more constrained) nodes, and can this be achieved without complicated, and in the worst case, manual orchestration?

In ICN, the combination of accessing static named data and dynamic computation results in the same framework seems to be a very elegant and powerful approach to edge computing. For that reason, Intel and the NSF have recently decided to fund three research projects on ICN in wireless edge networks. One interesting aspect in this context is the idea not treating edge computing (and its applications) as a very special case in a distributed computing architecture. Instead, applications such as Virtual Reality could essentially just be web applications that leverage standardized protocols, media formats and dynamic code execution.

One particular proposal blending static data access with dynamic in-network computation in ICN is called Named Function Networking (NFN). NFN applies functional programming concepts (expression reduction, code as data, memomization) to networking and thus provide a light-weight in-network computation platform that can ultimately provide similar features as stream processing and distributed data bases under one single abstraction.

Going Cloudless

The Internet was designed as a distributed, decentralized system. For example, intra- and inter-domain routing, DNS, and so on were designed to operate in a distributed manner. However, over time the dominant deployment model for applications and some infrastructure services evolved to become more centralized and hierarchical. Some of the increase in centralization is due to business models that rely on centralized accounting and administration. However, we are simultaneously seeing the evolution of use cases (e.g., certain IoT deployments) that cannot work (or which work poorly) in centralized deployment scenarios along with the evolution of decentralized technologies which leverage new cryptographic infrastructures, such as DNSSEC, or which use novel, cryptographically-based distributed consensus mechanisms, such as a number of different ledger technologies.

One example that was mentioned at the T2TRG meeting on Sunday was the coordination of different wireless networks that compete for spectrum in a geographic context. For large-scale, managed spectrum sharing you could employ centralized databases for recording who is entitled to use what frequency band in a certain geographic location. In more dynamic settings like a multi-vendor, multi-radio technology IoT network deployment, this centralized approach may not work that well.

Decentralizing trust management, identity management, name resolution etc. could thus be another interesting factor towards democratizing network and application usage on the Internet. Less applications in the future may have to depend on centralized cloud services, and new players may be able to introduce innovative services. These ideas touch upon T2TRG work as well as ICN (that promote decentralized operation by itself). We are therefore kicking off a new proposed Research Group on Decentralized Internet Infrastructure in the IRTF.

Open Source and Free Software

In IoT one crucial element is the operation system platform for constrained devices. There are a few one that a freely available, and some companies have developed their own OSes, sometimes also marketed as Open Source. Open Source IOT OS software is important for two reasons: 1) For providing a platform that people can start new developments at minimal cost; and 2) For providing a platform that is reviewed and ideally governed by an open community process. If you think about security bugs/fixes, it has been demonstrated that the ability to review code and to propose changes improves the security and stability of software systems significantly compared to closed-source approaches, also with respect to agility when quick response to a new security threat is required.

Unfortunately, Open Source has become a marketing term these days, and many people confuse the availability of for-free software with Open Source. In addition to actually obtaining source code, two other important factors are licensing models and the project governance. Who actually decides about integrating proposed changes and future directions?

The RIOT OS project has developed a modern UNIX-like, very modular, very lightweight IoT OS that licensed under LGPL. The project is governed by a transparent and open community process, which has led to many useful extensions in the past, for example the addition of ICN support through integration of CCN-Lite or the addition of CAN bus functionality. RIOT’s architecture, its modularity and flexibility has led to increasing popularity and its wide availability on many different target platforms, which was demonstrated at the RIOT summit last week.

TL;DR

There is lots of activity in making the Internet better and bringing it to new places. Last week’s series of research events on IoT and ICN demonstrated new approaches towards Internet-inspired, direct communication. The most important meta aspects (in my view) are disintermediated communication, semantic interoperability, data-oriented communication and edge computing, and democratizing network operation and innovation through decentralizing communication and network infrastructure. The following sections represent my eclectic summary of theses meetings, focusing on these aspects.

IRTF Thing-to-Thing Research Group

The T2TRG meeting took place on Saturday/Sunday (September 23/24). One particular technology in T2TRG’s activities on semantic interoperability is the Constrained RESTful Application Language (CoRAL) by Klaus Hartke that “defines a data model and interaction model as well as two specialized serialization formats for the description of typed connections between resources on the Web (“links”), possible operations on such resources (“forms”), and simple resource metadata” (presentation slides from the meeting). CoRAL is essentially a constrained-environment-compatible hypermedia framework that can be used by IoT applications to discover node capabilities in a modern, flexible way.

On the topic of coordination and consensus using decentralized network infrastructure, Laura Feeney talked about “A role for higher layer protocols in mitigating wireless interference”, illustrating the use case of coordination between different (unknown) wireless networks that may compete with each other for spectrum (slides will become available here). Pekka Nikander introduced an upcoming EU H2020 project on Secure and Open Federation of IoT Systems (SOFIE) that is going to start 2018. The project plans to investigate use cases and ledger federation approaches to connect different types of IoT applications and their ledger infrastructure. I gave a talk on decentralized network infrastructure and considerations for T2T edge computing (as described earlier).

RIOT Summit 2017

The RIOT summit 2017 took place on Monday/Tuesday (September 25/26).  The keynote on Permutation-based Cryptography for the Internet of Things was presented by Gilles van Assche. The rest of the agenda was split up into topical sessions on IoT Security, Virtualization & Bootstrappping, Use Cases, and Networking. The second day featured different tutorials and coding sessions. In addition, there were many demos and posters on specific applications of RIOTs, new ideas etc.

In the Virtualization and Bootstrapping session, Marcel Enguehard talked about Cisco’s “Large-scale experiments on virtual ICN-based IoT networks with vICN“, an automated emulation platform, allowing for connecting physical devices for experiments.

In the Use Cases session, Michael Frey gave a presentation titled “Cloudy with a chance of RIOTS — Towards an Open Industrial Internet“, describing the R&D work at MSA on RIOT-based IoT appliances. In the same session,  Joern Alraun gave an introduction to the “Calliope mini“, a single-board computer for teaching. I am personally interested quite a bit in didactics of computer science (and am deploring the sad computer science education situation at most schools…).

In the Networking session, Vincent Dupont talked about “RIOT and CAN” and reported on OTAkeys’ development of a CAN implementation for RIOT (that has been integrated into the project) and its application to a commercial product related to vehicle on-board diagnosis (OBD). This resonated well with me, because I know how limited closed-source commercial OBD-2 adapters typically are, so the availability of an open platform sounds great for working with cars that use proprietary extensions etc.

Overall, the RIOT summit exhibited a vibrant community, and it was great to see an increasing number of commercial applications.

ACM ICN Conference

The ACM ICN 2017 Conference took place from Tuesday through Thursday (September 26 — 28). The first day saw three tutorials on 1) NDN, CCN-Lite, RIOT, 2) FD.io/cicn, and 3) Umobile, all of them were really well attended. The conference itself was organized into 6 technical sessions on Security, Architecture, Forwarding, Caching & Mobility, Infrastructure, and miscellaneous topics. In addition, there was a panel discussion on ICN & Operating Systems.

Jon Crowcroft presented the keynote on Private Namespaces in ICN. In his talk Jon made the connection of earlier work on reliable multicast (PGM — Pragmatic General Multicast) to ICN — both technologies can achieve scalable data distribution, albeit in different ways. He also made the connection of ICN and distributed ledger technologies (DLT) — as both technologies can be characterized as democratizing networking in their respective ways. ICN can provide a general-purpose multicast-like distribution infrastructure that can be used by anyone for any application without requiring prior contractual agreements, and DLT can be a basis for decentralized digital currencies and other ledger-based services in communication networks.

The best paper was titled “Jointly Optimal Routing and Caching for Arbitrary Network Topologies” (slides) by Stratis Ioannidis and Edmund Yeh. The paper presents polynomial time approximation algorithms for the (normally NP-hard) problem of jointly optimizing routing and caching for arbitrary topologies. This paper is noteworthy because the proposed solution can reduce routing cost in ICN dramatically, and furthermore, the work is applicable beyond ICN.

The Security session featured a paper titled “NDN DeLorean: An Authentication System for Data Archives in Named Data Networking” (slides) by Yingdi Yu, Alexander Afanasyes, Jan Seedorf, Zhiyi Zhang, and Lixia Zhang.  NDN DeLorean is  authentication framework to ensure the long-term authenticity of long-lived data, inspired by Certificate Transparency.   It is using a publicly auditable bookkeeping service approach to keep permanent proofs of data signatures and the times when the signatures were generated. I found this work interesting and important because it can provide a basis for trust management and attestation services in ICNs, with a purely data-oriented security approach.

In the Architecture session, there was a presentation of a short paper titled “Improved Content Addressability Through Relational Data Modelling and In-Network Processing Elements” (slides) by Claudio Marxer and Christian Tschudin. This work represents new ideas how relational database concepts can be applied to an ICN/NFN framework so that general-purpose processing of elements in ICN Named Data Objects becomes possible, which could be an interesting feature in NFN-based in-network computation, especially in application domains such as IoT. I found this work interesting and relevant because it can be seen as an ICN contribution to semantic interoperability, enabling application components to “talk” to each other across application silos.

The Forwarding session featured a paper titled “Path Switching in Content Centric and Named Data Networks” (slides) by Ilya Moiseenko and Dave Oran. The work described in this paper is leveraging the path symmetry in CCN/NDN for computing end-to-end label paths that can be used to steer forwarding of subsequent requests through the network. Over time, a consumer potentially different available paths for a certain prefix or set of prefixes and can then provide hints to forwarding nodes as to which particular path to use. I found this work interesting and relevant because it provides an MPLS-like functionality solely by leveraging data plane functions, i.e., unlike MPLS in IP, this approach would not need and label configuration and a corresponding control plane.

In the so-called Potpourri session, there was a presentation of a paper on ICN edge computing titled “NFaaS: Named Function as a Service” (slides) by Michael Krol and Ionnis Psaras, presenting an edge/fog computing extension to NDN that is leveraging very lightweight VMs, thus allowing dynamic code execution in a VM-based approach. Similarly to NFN, this work represents function names in Interest messages (that identify unikernel images). Some forwarding provide additional VM execution capabilities and can decide whether they want to fetch, store and execute the named images. NFaaS implements different forwarding strategies for delay-sensitive and for “bandwidth-hungry” services that can lead to different locations for the respective function execution. I found this work interesting and relevant because it proposes a framework for ICN-in network computation that enables certain useful optimizations with respect to function placement, without relying on centralized management with a  global network view.

A particular highlight of this year’s conference was the demo and poster session that featured 12 (!) demos and 13 posters, which was praised by many attendees. The best-demo award went to Nikos Fotiou, George Xylomenos, George Polyzos, Hasan Islam, Dmitrij Lagutin, and Eero Hakala for their demo on “ICN enabling CoAP Extensions for IP based IoT devices“. Another demo that impressed me was on “Panoramic Streaming using Named Tiles” by Kazuaki Ueda, Yuma Ishigaki, Atsushi Tagami and Toru Hasegawa. This demo showed how 360-degree video can be made more efficient through ICN by segmenting the video into named tiles that a consumer can request independently. A video renderer can thus request the required tiles for a particular field-of-view at a time only, thereby saving significant amount of bandwith. In conjunction with other ICN features such as caching and multipoint distribution, this approach can help to make 360-degree video much more viable in constrained networks.

Overall ACM ICN 2017 was a great research festival, and it was especially fascinating to see the all the different demos that applied ICN to a wide range of application domains, including IoT, video, tactical networks, robotics etc. I am really looking forward to ACM ICN 2018 that will be held at Northeastern University in Boston.

IRTF ICN Research Group

Finally, ICNRG had an interim meeting on Friday (September 29) that was focused on new research work and allowed a good amount of time for in-depth discussion (which is not always possible in the more rigid framework of an academic conference).

Michael Frey presented thoughts “Towards an ICN-powered Industrial IoT” and described specific requirements for MSA’s mobile safety appliances. The talk also provided some insights on the particular approach towards ICN for Industrial IoT at MSA and reported some intermediate experimentation results, for example using pub/sub communication in NDN.

Mayutan Arumaithurai and Dennis Grewe presented “Information-Centric Mobile Edge Computing for Connected Vehicle Environments: Challenges and Research Directions“. The talk featured the description of a mixed reality use case called “Electronic Horizon” for cars and a discussion of how its specific edge computing requirements can be met by ICN, pointing at interesting directions for future research.

Michael Krol talked about “Adapting ICN to Function Execution for Edge Computing” and the different research challenges he encountered such as PIT Expiry (when computations take longer…), security, authorization (for function execution), leveraging hardware-based cryptography and secure execution environments (SGX etc.).

This time, we tried a new interactive format at ICNRG which featured a panel-like discussion (with active participation from the rest of the group). The topic was “ICMP-like control-plane communication  for ICN“, following up on an earlier discussion at the last meeting and and on the mailing list. The discussion featured the following contributions:

  1. Non-Application Messages for ICN (Panel introduction by Dave Oran)
  2. Do we need an ICMP for NDN (Thomas Schmidt)
  3. Fraudulent Names (Christian Tschudin)

Full house at ICNRG when Dave Oran kicks-off a discussion in ICN control plane communication

Full house at ICNRG when Dave Oran kicks-off a discussion on ICN control plane communication

During the discussion we clarified what we mean by control messages and discussed several options for representing corresponding semantics in ICN (namespace, message types, header fields). Please consult our detailed meeting notes if you are interested in the discussion.

Bengt Ahlgren talked about “ICN Congestion Control — how to handle unknown and varying link capacity?” and kicked of a discussion on how ICN hop-by-hop congestion control should effectively work together with end-to-end (receiver-driven) congestion control.

Jacopo De Benedetto presented “Interconnection of testbeds to enable better testing” — proposing using the Geant Testbed Service (GTS) for future ICN testing.

Cenk Gündogan and Christopher Scherb provided an “update on CCN-lite and RIOT“. In 2017, the development of CCN-lite v2 has been kicked-off, with many improvements with respect to code modularity, functionality and implementation specifics. One of the planned changes is the introduction of static memory allocation which is deemed important on constrained platforms.

Cenk Gündogan also reported on his work on “CCN LoWPAN“, i.e., mapping the CCNx and NDN protocols to an IEEE 802.15.4 link layer, employing header compression for a more compact message format.

Finally, I provided a short summary of the IRTF T2TRG meeting earlier in the week (see above).

Disclaimer

I was not involved in the local meeting arrangement and general organization of these events. The heavy lifting has been done by Matthias Wählisch, Thomas Schmidt, Emmaniel Baccelli and many supporters at FU Berlin and HAW.

ChangeLog

  • 2017-10-12: Added correct link to ICNRG meeting minutes

Written by dkutscher

October 5th, 2017 at 12:13 am

Posted in Events

ICN Update after IETF-99

without comments

Here is a quick (eclectic) summary of recent events in ICN at/around IETF-99 last week. ICNRG met twice: for a full-day meeting on Sunday and for a regular meeting on Wednesday. (Find a list of all past meeting, agendas, meeting materials, and minutes here.)

Edge Computing and ICN

We presented a summary of the recent Workshop on Information-Centric Fog Computing (ICFC) at IFIP Networking 2017, which featured a few papers on ICN edge computing in IoT and on Named Function Networking, one specific approach to marry access to static data and dynamic computing in ICN.

Moreover, Eve Schooler from Intel announced the three selected projects of the recent Intel/NSF-sponsored call for proposals for projects on ICN in the wireless edge:

Lixia Zhang presented an overview of the first project on Augmented Reality and described how the project conceives AR as one of several applications that can leverage a web of browsable named data, based on decentralized multiparty context-content exchange.

Finally, Yiannis Psaras presented his paper on Keyword-Based Mobile Application Sharing through Information-Centric Connectivity that won the Best Paper Award at ACM MobiArch 2016. In this paper, the authors describe a cloud-independent content and application sharing platform based on ICN.

ICN Demos

Luca Muscariello and Marcel Enguehard presented an overview of the Community ICN (CICN) activity in the Linux Foundation fd.io project and showed a demo of the software and their emulation environment.

IMG_20170716_123755

IMG_20170716_115833

CICN consists of several Open Source ICN implementations, including an efficient VPP-based forwarder implementations. Cisco made this software available after acquiring PARC’s implementation earlier this year.

ICN Specifications Moving Forward Towards Publication

ICNRG has completed its (research group) last calls on the two core specifications for the CCNx variant of ICN:

The fd.io CICN implementations are based on these specifications (that are intended to be published as Experimental RFCs).

ICNRG also started the Last Call for an Internet Draft on Research Directions for Using ICN in Disaster Scenarios that is intended to be published as an Informal RFC. There are a few additional documents that are nearing completion — see our Wiki for more information.

Upcoming Things

There a few exciting events around ICN taking place this summer/fall.

The ACM SIGCOMM ICN Conference 2017 is embedded into a week of cool ICN and IoT events:

  1. IRTF Thing-to-Thing-Research-Group meeting on September 23/24 (Saturday/Sunday)
  2. RIOT Summit 2017 on September 25/26  (Monday/Tuesday)
  3. The ICN Conference itself from September 26 through 26 (Tuesday through Thursday)
  4. IRTF ICNRG meeting on September 27 (Friday)

Moreover, ICNRG plans to meet at IETF-100, most likely on Sunday, November 11 and during the following week.

If you are working on ICN Security, there a current Call For Papers for an IEEE Communications Magazine Feature Topic on Information-Centric Networking Security.

 

 

 

 

Written by dkutscher

July 25th, 2017 at 11:52 am

Posted in Events

2015 ACM SIGCOMM ICN Conference has started

without comments

The 2015 ICN conference has started in San Francisco today!

Program Overview

Wednesday

  • Tutorials on CCN and NDN
  • Posters and demostrations

Thursday

  • Keynote by Van Jacobson: Improving the Internet with ICN
  • Paper presentations on Routing, Node Architectures
  • Panel: ICN — next two years
  • Poster Presentations

Friday

  • Paper presentation on In-Network Caching, Content & Applications, Security
  • Posters and demostrations

 

 

Written by dkutscher

September 30th, 2015 at 6:53 pm

Posted in Events

Tagged with , , , , , ,

Managing Radio Networks in an Encrypted World

without comments

I attended last week’s IAB/GSMA Workshop on Managing Radio Networks in an Encrypted World (MaRNEW).

The motivation for this workshop was the increasing trend of applying transport layer end-to-end encryption in major web applications such as Google services, YouTube, Netflix, Facebook and others. This trend will likely increase due to further deployment of HTTP/2 for which client implementations today try to setup TLS connections per default.

In mobile networks, traffic management but also additional services/functions have traditionally relied on being able to leverage knowledge about application type, application specifics. Example for such functions include policing/prioritization, optimized scheduling, caching, filtering, but also tracking, ad-insertion etc. In addition to functions that operators want to apply, there are also regulation requirements (depending on local legislation) for filtering, legal intercepting etc. that would become more difficult in the presence of ubiquitous encryption.

At the MaRNEW workshop, leading experts from network operators, vendors, application service providers, CDN providers and academic institutions discussed the impact of ubiquitous encryption as well as ideas for enabling an effective collaboration between the network, applications and users to enable optimal performance and resource efficiency.

In particular, the workshop addressed the following topics:

  • Understanding the bandwidth optimization use cases particular to radio networks;
  • Understanding existing approaches and how these do not work with encrypted traffic;
  • Understanding reasons why the Internet has not standardised support for legal interception and why mobile networks have;
  • Determining how to match traffic types with bandwidth optimization methods;
  • Discussing minimal information to be shared to manage networks but ensure user security and privacy;
  • Developing new bandwidth optimization techniques and protocols within these new constraints;
  • Discussing the appropriate network layer(s) for each management function; and
  • Cooperative methods of bandwidth optimization and issues associated with these.

Encryption: Technological and Business Aspects

It is not a secret that there are different aspects for discussing end-to-end encryption in public networks. Obviously, encryption helps with user privacy, and with the background of recent and current revelations of privacy breaches through pervasive monitoring, it has become common agreement that more (easily deployable) encryption would be useful to overcome this.

There is however also the business perspective: the Internet and specifically the eco system of mobile communication and service provision has multiple stake holders, each of those with their particular interests: network operators want to provide a useful service, in an economical way and may have an interest to enhance the overall service quality through various technical measures. Application service providers want their particular service to perform well over a range of different networks. Network equipment vendors have their product roadmaps and network architecture preferences etc.

Finally, there are the actual users of the system who have an interest in good quality of experience, cost-efficiency — and privacy. Privacy is not only a concern with respect to (illegal) pervasive monitoring by agencies, but also with respect to maintaining anonymity and confidentiality towards network and service providers. For many applications, user profiles, user-generated data etc. is also a key business asset — so there is a strong interest by different players to either get access to that data — or (depending on the nature of a player) to keep other players from accessing it — through encryption.

The MaRNEW workshop focused on the technological discussion.

Impact of Encryption

During the discussion the following main impacts of ubiquitous encryption on mobile network were identified:

  • Traditional ways of identifying and classifying network traffic (DPI) become more costly and potentially infeasible.
  • Traditional traffic management systems have relied on such classification, for different purpose: optimizing resource usage in access networks according to operator policies, forwarding of traffic through optimizers, caches etc., as well as filtering. Those approaches and the actual requirements behind them need to be revisited.
  • Content and service provisioning in both mobile and fixed networks today is heavily relying on CDN and in-network application functions. In addition, new approaches such as Mobile Edge Computing may shift more of such functions to access networks. The motivation is to provide better performance and cost efficiency through offloading networks (CDN cache hits) and through reducing latency and transport protocol performance (local control loops, reduced RTT to caches). Introducing more and more end-to-end encryption makes it impossible for operators to provide any application (or CDN-provider)-independent optimization functions. The alternative of running individual instances for each individual CDN provider does not seem promising. It could also be a major road block for future network and application innovation — because each of those individual functions might require upgrading to introduce in-network support for it.

Way Forward

cooperative-traffic-management

 

(Copyright 2015 NEC)

At the workshop, different solutions were discussed.

  • First, it was agreed that the actual impact needs to be understood better and ought to be quantified. For example, assuming that some knowledge about application types (or corresponding service quality expectations) could be leveraged by base stations for more efficient transmission scheduling (e.g., by delaying packets of non-latency-sensitive flows or by operating multiple queues for different flow types), networks should at least be able to obtain corresponding hints from senders. However, the actual impact and potential benefits have to be demonstrated. Operators will work on that issue.
  • The (Internet) transport protocol community has made significant progress in recent years on several fronts: Active Queue Management (AQM) such as fq_codel and PIE have been demonstrated to be able to improve load balancing and reduce latency in router queues. Moreover, transport protocol research has led to promising results (for example PCC — Performance-oriented Congestion Control). It was suggested that those mechanisms should be implemented and deployed where possible.
  • Several options for Cooperative Traffic Management have been discussed. For example this could included exchanging certain information between the network and senders/receivers. The network could inform endpoints better about congestion and non-congestion-induced problems (for example in an extended ECN fashion), or endpoints could inform the network about relevant meta information (application type, QoS requirements etc.). The latter could leverage existing technologies such as DiffServ. Potentially, it would be sufficient to distinguish delay-sensitive flows (e.g., for interactive real-time) and delay-tolerant flows (file download etc.). One interesting question is how endpoints would be incentivized to use such signaling correctly and how corresponding APIs would look like.
  • Overcoming the general limitations of connection-based security and its tendency to require application-specific (or CDN-provider-specific) in-network functions could require a more fundamental rethinking of network architecture and protocol layering. For example, Information-Centric Networking (ICN) would leverage object-security (authentication, encryption), hence enabling the network to implement functions such as caching, local transport strategies etc. in an application manner. This could be of particular relevance for 5G networks where a higher level of dynamicity in the creation and deployment of new OTT services are expected.

For the discussion of such solutions, I (together with several colleagues) have made two contributions to the workshop: 1) Enabling Traffic Management without DPI, and 2) Maintaining Efficiency and Privacy in Mobile Networks through Information-Centric Networking.

Enabling Traffic Management without DPI

Is DPI really needed for traffic management in mobile networks? Our position is “no”. Traffic management is usually realized through relatively simple mechanisms like rate shaping, prioritization, and dropping packets. Compared to these mechanisms, the semantics of applications that can be exposed through DPI are much richer; traffic classification anyway maps these semantics down to a simple set of categories.

The question then arises whether operators are really helped by brittle, insecure and expensive mechanisms for gaining higher fidelity information for the coarse traffic information for traffic management, or whether simple signaling would suffice for traffic classification for mobile network management purposes.

Obviously, when relying on endpoints to signal information about the underlying application which may be used to change the network’s treatment of that application’s traffic, questions of trust arise: how can the network be sure the endpoints are being honest, and prevent endpoints from gaming the system to their advantage (and the disadvantage of others); can these signaling approaches be used as an attack vector. Here the approach is to define the vocabulary of the signaling protocol to properly incentivize honest cooperation, while allowing the network to verify this cooperation.

We discuss two application-independent approaches for traffic management that are based on network-compatible metrics: ConEx Policing and low latency support with SPUD.


Congestion Exposure (ConEx) is a mechanism that enables senders to inform the network about previously encountered congestion in flows thus enabling senders and network infrastructure to respond to congestion based on operator policies. This information is provided in the IP header and can still be accessed even if the payload is encrypted. ConEx information is auditable by comparing the congestion level at network egress to the ConEx signal which incentivizes the sender to state its congestion contribution correctly.

Using ConEx would allow for a bulk packet traffic management system that does not have to consider application classes. Instead, with ConEx accurate downstream path information on incipient congestion are visible to ingress network operators. This information can be used to base traffic management on the actual current cost (which is the contribution to congestion of each flow) and enable operators to apply congestion-based policing/accounting depending on their preference and independent of application characteristics. Such traffic management would be simpler, more robust (no real-time flow application type identification required, no static configuration of application classes) and provide better performance as decisions can be taken based on the real actual cost contribution at each point in time.

The Substrate Protocol for User Datagrams (SPUD) is a new approach to selective information exposure designed to support transport evolution. SPUD is realized as a shim between UDP and an (encrypted) transport protocol. The basic SPUD protocol provides minimal sub-transport functionality by grouping of packets together into tubes and signaling of the start and end of a tube.

This will assist middleboxes in state setup and teardown along the path. Further, SPUD provides an extensible signaling mechanism based on a type-value encoding for associating properties with individual packets or all packets in a tube. The SPUD protocol can be used to signal low latency requirements from an endpoint to the network, or expose the existence of support for such services from the network to the endpoint. Therefore we propose to provide four SPUD signals: a latency sensitivity flag, a signal to yield to another tube, an application preference for a maximum single queue delay, and a facility to discover the maximum possible single queue length along the path.

Based on the latency-sensitivity flag a network operator can implement an additional service (as compared to today’s best effort service) that uses smaller queues and/or different AQM parameters without changing the service that is provided today. Signaling of lower queue priority or maximum single hop delay can further be used to preferentially drop packets of the same sender or within one flow. Information about expected queuing delays on the path can be used for buffer configuration at the endpoints.

The proposal is not intended as a blueprint for immediate implementation — but it demonstrates how cooperative traffic management could be implemented. In our view, cooperative traffic management requires a solid understanding of the interactions with transport layer and the corresponding performance impacts/improvements.

Maintaining Efficiency and Privacy in Mobile Networks through Information-Centric Networking

We present a solution to overcome the impasse of deploying confidentiality at the cost of breaking most of current network traffic engineering in mobile networks. Our proposition is based on Information-Centric Networking (ICN) which is a data-centric network architecture that gracefully incorporates security and traffic optimization.

Content-based security instead of connection based is the foundation of the Information-Centric Networking (ICN) architecture. In ICN, we provide a network service that directly implements the desired information-access abstraction. The network forwards requests for named data and corresponding responses containing the data. The name can be cryptographically bound to the data for ascertaining authenticity. This enables the network to replicate data objects in arbitrary locations, thus enabling ubiquitous caching. Object data can also be encrypted for user privacy, leaving other network-relevant information such as the name intact – thus maintaining options for traffic management, policing etc. The performance gains of having ICN in the mobile backhaul have been evaluated experimentally (see paper). ICN incorporates these ideas into a novel network layer providing all of the mentioned objectives without using man-in-the-middle like solutions.

ICN secures data itself by requiring producers to cryptographically sign every data packet: the signature constitutes the integrity meta-data. The data is uniquely identified by a name that is bound to the data via the signature. The producer’s public key to implement signature verification can be obtained by using the KeyLocator field which can be the name of the data containing the key of the producer. Authentication is implemented via the producer’s key that makes use of a trust model, e.g. PKI, Web-of-Trust that can be extended using key chaining to delegate trust to different sub-namespaces (for hierarchical naming). Confidentiality is obtained by encryption of the data payload using the producer’s key. Notice that authenticity, integrity and confidentiality are independent features.

Once data is published by the producer it can be stored in any location without affecting the security properties of the data which are location independent. Inter-networking of encrypted data is included by design in ICN and in-network caching is always possible with or without confidentiality. Authenticity might not be necessary in many cases so the authentication of the identity of the producer is optional. It is not mandatory either to verify the integrity of the data by verification of the signature. It is important to remark that ICN disantangles authenticity, privacy and integrity so that they can be handled in different ways and without the interaction of end-hosts.

TLS provides web security by encrypting a layer 4 connection between two hosts. Authenticity is provided by the web of trust (certification authorities and a public key infrastructure) to authenticate the web server and symmetric cypher on the two end points based on a negotiated key. In presence of TLS many networking operations become unfeasible: filtering, caching, acceleration, trans-coding.

ICN takes a radically different approach to guarantee confidentiality, authenticity and integrity by embedding them into a redefined network layer. Indeed, ICN builds on the abstraction of data requested, accessed, cached and forwarded by name: the network forwards requests coming from the consumer for named data and routes back data packets on the identical reverse path (symmetric routing).

The ICN communication model allows network nodes between a web server and a web client to operate as forwarding and storage functions to implement various inter-networking functionalities like caching or load balancing without relaxing any security feature. As a fully fledged data-centric network architecture, ICN incorporates mobility, storage, security and multi-point communication by design.

Written by dkutscher

September 28th, 2015 at 12:49 am

ICN-2015 Conference Program

without comments

Join us for the ICN-2015 Conference in San Francisco from Sep. 30 to Oct. 2.

ACM ICN is an annual conference of the ACM Special Interest Group on Data Communication (SIGCOMM) on information-centric networking.

In a nutshell, this year’s conference includes
– 1 keynote given by Van Jacobson
– 19 full papers presented in single track format
– 8 posters
– 10 demos
– 2 full-day tutorials
– 1 industrial panel

Conference details:
http://conferences.sigcomm.org/acm-icn/2015/

Registration details:
http://www.regonline.com/icn2015

Keynote:
– Van Jacobson, Internet pioneer and core architect of Named Data
Networking (NDN), will talk about “Improving the Internet with ICN”.

Tutorials:
– CCN: Practical CCNx – Protocol and Code
– NDN: Security & Synchronization in Named Data Networking (NDN)

Panel:
– Next Steps for ICN: Research, Applications, Deployment and Economics

Topics of papers, posters, and demos include:
– Architecture design and evaluation
– Comparison of ICN architecture proposals
– Limits and limitations of ICN architectures
– ICN evaluation methodology and metrics
– Evaluation of ICN benefits
– Analysis of scalability issues in ICN
– ICN enabled applications
– Routing in ICN networks
– Mobility support
– Trust management
– Access control mechanisms
– ICN economics and business models
– Tools and experimentation facilities
– Measurement methodologies
– Experience from implementations and experiments
– Specific scenarios and implementation approaches
– Feasibility studies for high speed networking
– Privacy
– ICN Deployment
– ICN APIs

Check out the program.

Written by dkutscher

August 20th, 2015 at 10:42 am

Posted in Events

Tagged with ,