Elsevier

Computer Networks

Volume 54, Issue 7, 17 May 2010, Pages 1142-1154

Design and implementation of the Node Identity Internetworking Architecture

https://doi.org/10.1016/j.comnet.2009.10.015

Abstract

The Internet Protocol (IP) has proven very flexible, being able to accommodate all kinds of link technologies and supporting a broad range of applications. The basic principles of the original Internet architecture include end-to-end addressing, global routeability and a single namespace of IP addresses that unintentionally serves both as locators and host identifiers. The commercial success and widespread use of the Internet have led to new requirements, which include Internetworking over business boundaries, mobility and multi-homing in an untrusted environment. Our approach to satisfy these new requirements is to introduce a new Internetworking layer, the node identity layer. Such a layer runs on top of the different versions of IP, but could also run directly on top of other kinds of network technologies, such as MPLS and 2G/3G PDP contexts. This approach enables connectivity across different communication technologies, supports mobility, multi-homing, and security from the ground up. This paper describes the Node Identity Architecture in detail and discusses the experiences from implementing and running a prototype.

Introduction

The basic principles of the original Internet architecture include end-to-end addressing, global routeability and a single address space of IP addresses that act as locators and node identifiers at the same time. These principles are suitable for static and well-managed network hierarchies. However, since the Internet has evolved from a small research network to a worldwide information exchange network, a growing diversity of commercial, social, ethnic, and governmental interests have led to increasingly conflicting requirements among the competing stakeholders. These conflicts create tensions that the original Internet architecture struggles to withstand [6].

The commercial success and widespread use of the Internet have led to new requirements for a future Internet, which include Internetworking over business boundaries, mobility, multi-homing, and security for untrusted environments. These requirements have prompted research into different Internetworking architectures [7], [8], [9], [10], [21], [22]. Concurrently with this research into new Internetworking architectures, a demand for private, autonomous networks is growing. Although still connected to the global Internet, these autonomous networks offer local features and capabilities that are independent from the public Internet. The solution today to achieve more autonomy is often to use Network Address Translators (NAT) [11], which is a popular method for reusing address space and decoupling routing in the private network from routing in the public Internet. Although these capabilities of NATs mitigate many immediate problems, NATs are not a clean solution [12].

The fundamental problem of the Internet Protocol stems from overloading two separate functionalities onto the same bit string of the IP address. One is its use as a locator, i.e., as an address that denotes a location in the topology of the network and specifies a network attachment point (interface). The second one is that of an identifier that describes the identity of a node.

The problem with the NAT approach is that it translates between internal and external addresses and with that also implicitly translates between the associated identities. This causes applications and protocols that exchange IP addresses in their payloads, such as FTP, to break.
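To make this failure concrete, the following added example (not code from the paper) models a header-only NAT and an FTP `PORT` command as defined in RFC 959, and shows that after translation the address named in the payload no longer matches the address the server observes. The packet dictionaries, addresses and helper names are constructed for illustration.

```python
import ipaddress

def parse_port_command(line: str):
    """Parse an FTP 'PORT h1,h2,h3,h4,p1,p2' command (RFC 959) into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def nat_translate(packet: dict, external_ip: str) -> dict:
    """Hypothetical header-only NAT: rewrites the source address, leaves the payload untouched."""
    out = dict(packet)
    out["src"] = external_ip
    return out

def server_view(packet: dict) -> dict:
    """What the FTP server learns: header source versus the address named in the payload."""
    claimed_ip, port = parse_port_command(packet["payload"])
    observed = ipaddress.IPv4Address(packet["src"])
    return {
        "observed_src": str(observed),
        "data_target": f"{claimed_ip}:{port}",
        # The payload address doubles as the client's identity; NAT changed only the locator.
        "mismatch": claimed_ip != observed,
        "target_is_private": claimed_ip.is_private,
    }

# Constructed sample: a client behind a NAT announcing its data port to a server.
CLIENT_PACKET = {
    "src": "192.168.1.10",
    "dst": "203.0.113.5",
    "payload": "PORT 192,168,1,10,19,137\r\n",
}
NAT_EXTERNAL_IP = "198.51.100.7"  # constructed external address of the NAT

if __name__ == "__main__":
    print("without NAT:", server_view(CLIENT_PACKET))
    print("behind NAT: ", server_view(nat_translate(CLIENT_PACKET, NAT_EXTERNAL_IP)))
```
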

The problem with addressing a network attachment point is that today most hosts have more than one communication capability, and with it the possibility to attach to the network through several interfaces. This multi-homing causes the host to show up with multiple interface addresses, and thus multiple identities. Furthermore, the Internet is an untrusted network, and more emphasis is required to secure the communication across the network.

Finally, designing and implementing a new Internetworking architecture always raises the question of the feasibility of deploying it globally. Therefore, measures must be taken to design for gradual deployment, such that early adopters benefit, without others having to migrate. Also, the required changes to the network should be limited and management of the network should be minimal. Finally, the architecture needs to scale up to global deployment.

The Node Identity Internetworking Architecture [1], [2] is designed to address the challenges described above architecturally, and not as an afterthought or patch to today’s Internet. Its key characteristics are the separation of a node’s identity from its location (well-known from various approaches), the use of a node’s identity for inter-domain routing, a proposal to scale up routing for flat, cryptographic identifiers to Internet-scale networks, and the notion of locator domains. Multiple locator domains, which may use different technology, addressing and/or routing schemes, are intrinsically supported, where at locator domain borders a process similar to twice-NAT is performed. Mobility and host multi-homing are supported by decoupling the node identity from the topological meaning of the addresses. Routing and forwarding based on a node’s identity is regarded as non-scalable by many people (though the TurfNet [27] proposal has shown that it would be doable with today’s server technology). The Node Identity Internetworking Architecture proposes the concept of a routing hint to overcome those reservations. Finally, security is built in through the use of cryptographic node identities.

There have been quite a number of architectural proposals around locator-identifier split architectures, but only a very few have really implemented proof-of-concept prototypes and evaluated their proposals for feasibility. The Node Identity Architecture has been implemented by changing and extending the HIP protocol implementation. Additionally, the implementation has been used as a base networking technology for a P2P SIP implementation and for running Web Services applications on top of it without major problems.

This paper describes the Node Identity Architecture in detail and discusses the experiences from implementing a prototype.

The remainder of this document is organized as follows. In Section 2, we describe the Node Identity Architecture including assumptions, principles and key features. Section 3 introduces some specific implementation options and Section 4 presents the prototype implementation used for the experimental evaluation and its results. A discussion on the proposed architecture is provided in Section 5. Section 6 presents some related work and the differences to the Node Identity Architecture. Finally, the paper is concluded in Section 7.

Section snippets

Assumptions and principles

The Node Identity Internetworking Architecture, NodeID in short, is based on two main ideas. The first idea is the notion of a node identity layer directly on top of existing networking technology. This layer provides unique cryptographic identifiers for nodes, called node identities (NIDs), which are independent of the node’s current location and network address. The second idea is to perform routing in the node identity layer using the node identifiers with the purpose of providing mobility

Design and implementation issues

The previous section has presented the general design of the NodeID architecture. In the following, we discuss a set of detailed design and implementation-specific issues that should be considered when instantiating the architecture into a real implementation.

Proof-of-concept and experimental evaluation

We have implemented a small scale prototype of the NodeID Internetworking architecture. The prototype was built in order to show how the more abstract concepts and guidelines in the architecture could be implemented, to force the details of the basic Internetworking mechanisms to be ironed out, and to investigate the feasibility of the architecture on a small scale.

Discussion

The previous sections have introduced the ingredients of the Node Identity Internetworking Architecture. In this section, we discuss implications of various design choices and present some experiences gained while implementing the prototype.

Related work

There have recently been several different proposals for new Internet architectures but few of them are being instantiated or prototyped.

The NodeID architecture is based on two main ideas: first to introduce a node identity layer, and then to do routing on the node identifiers to support mobility and multi-homing, as well as bridging heterogeneous address domains. The first of these ideas – the separation of identity and location – is shared with many other proposed architectures including FARA

Conclusions and future work

We have presented the NodeID architecture as a solution to some of the challenges faced by the Internet’s infrastructure. The two-layer routing model, where the new second layer performs routing on flat node identifiers, relieves the current IP routing from dealing with node and network mobility and multi-homing, as well as basic security functions. With this separation, the IP layer can continue to focus on providing high performance packet forwarding. The more advanced functions are instead

Acknowledgments

Part of this work is a product of the Ambient Networks project supported in part by the European Commission under its Sixth Framework Program. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Ambient Networks project [30] or the European Commission.

References (32)

  • Bengt Ahlgren, Jari Arkko, Lars Eggert, Jarno Rajahalme, A node identity internetworking architecture, in: Proceedings...
  • S. Schuetz, R. Winter, L. Burness, P. Eardley, B. Ahlgren, Node identity internetworking architecture, Internet Draft,...
  • HIP for inter.net Project,...
  • R. Moskowitz, P. Nikander, Host Identity Protocol (HIP) Architecture, RFC 4423, May...
  • D. Farinacci, V. Fuller, D. Oran, Locator/ID Separation Protocol (LISP), Internet-Draft, draft-farinacci-lisp-12 (work...
  • D. Clark, J. Wroclawski, K.R. Sollins, R. Braden, Tussle in cyberspace: defining tomorrow’s internet, in: Proceedings...
  • D. Clark, R. Braden, A. Falk, V. Pingali. FARA: reorganizing the addressing architecture, in: Proceedings of the ACM...
  • J. Crowcroft, S. Hand, R. Mortier, T. Roscoe, A. Warfield, Plutarch: an argument for network pluralism, in: Proceedings...
  • D.R. Cheriton, M. Gritter, TRIAD: A Scalable Deployable NAT-based Internet Architecture, Stanford Computer Science...
  • R. Braden, D. Clark, S. Shenker, J. Wroclawski, Developing A Next-Generation Internet Architecture. Whitepaper...
  • P. Srisuresh, M. Holdrege, IP Network Address Translator (NAT) Terminology and Considerations, RFC 2663, August...
  • M. Holdrege, P. Srisuresh, Protocol Complications with the IP Network Address Translator, RFC 3027, January...
  • J. Li, J. Jannotti, D.S.J.D. Couto, D.R. Karger, R. Morris, A scalable location service for geographic ad hoc routing,...
  • M. Caesar, T. Condie, J. Kannan, K. Lakshminarayanan, I. Stoica, S. Shenker, ROFL: routing on flat labels, in:...
  • I. Stojmenovic, Location updates for efficient routing in ad hoc wireless networks, Handbook of Wireless Networks and...
  • Jordi Pujol, Stefan Schmid, Lars Eggert, Marcus Brunner, Scalability analysis of the TurfNet internetworking...

Cited by (9)

    • A survey on handover management in mobility architectures

      2016, Computer Networks
      Citation Excerpt :

      The TAHI project was concluded at the end of 2012 by providing implementations of several protocols and test tools, e.g., IPv6 core, IPsec, DHCPv6, MIPv6, NEMO [90]. An implementation of MMUSE is available in [91]. The prototype is written in Java language (which makes it a multi-platform solution) and uses mjsip as SIP stack.

    • Multihoming: A Comprehensive Review

      2013, Advances in Computers
      Citation Excerpt :

      Hybrid proposals rely on the locator-identifier split paradigm, nonetheless, some organize the network in an hierarchical way to facilitate deployment and management. The Node ID Internetworking Architecture (NIIA) [170] organizes the network as a tree, and employs default routes to parent nodes to enable inter-domain routing. In addition, NIIA supports multiple registration of nodes in the tree (useful when there are multiple interfaces).

    • End-To-End Mobility for the Internet Using ILNP

      2019, Wireless Communications and Mobile Computing
    • Survey on mobility and multihoming in future internet

      2014, Wireless Personal Communications

    Simon Schütz graduated with a diploma degree in Commercial Computer Science at University of Mannheim, Germany, in June 2004. He then joined NEC Laboratories Europe, Heidelberg, Germany, as researcher and software specialist in the context of EU/IST projects such as Ambient Networks and Trilogy. His main research interests focused on next-generation Internet architecture and self-configuration mechanisms. Since July 2008, he is a Software Engineer at ICT Software Engineering GmbH, Karlsruhe, Germany, developing embedded/on-board system software in the automotive sector.

    Henrik Abrahamsson is a researcher at the Swedish Institute of Computer Science (SICS) in Kista, Sweden. He joined SICS and the Communication Networks and Systems laboratory in 1999. He received a Master's degree in computer science from Uppsala University in 2002 and a Licentiate degree from Mälardalen University in 2008. His research interests include Internet traffic management, IPTV distribution, and the evolution of the Internet architecture.

    Bengt Ahlgren is a senior researcher and leader of the Communication Networks and Systems laboratory. He is also the director of the excellence center SICS Center for Networked Systems. He has a leading technical role in the currently ongoing EU project 4WARD - Architecture and Design for the Future Internet. He received his Ph.D. in computer systems in 1998 from Uppsala University, Sweden. He conducts research in the area of computer networking including the protocols and mechanisms of the Internet infrastructure. His main interest is the evolution of the Internet architecture, especially issues with naming and addressing on a global scale. Lately his research focus is on designing networks based on an information-centric paradigm.

    Marcus Brunner is chief researcher at the Network Laboratories of NEC Europe Ltd. in Heidelberg, Germany. He received his Ph.D. from the Swiss Federal Institute of Technology (ETH Zurich), while working in the Computer Engineering and Networks Laboratory (TIK) of the Electrical Engineering Department in 1999. He got his M.S. in Computer Science from ETH Zurich in 1994. Aside from his involvement in different national and international projects, his primary research interests include network architectures (fixed and mobile), programmability in networks, and network and service management. He is a leading member of the network management research community, serving on the Organization and Technical Program Committees of major network management conferences such as NOMS, IM, DSOM, IPOM, etc. For example, he was TPC co-chair of NOMS’08. In the networking area he also serves on the Organization and Technical Program Committees of major conferences such as IEEE Globecom, IEEE ICC, IEEE LCN, etc. He is currently IEEE Globecom 08 and ICC’09 symposium chair on Next Generation Networks. He is on the editorial board of the IEEE Transactions on Network and Service Management (TNSM), the Journal of Network and Systems Management (JNSM), and the Journal on Peer-to-Peer Networking and Applications. Finally, he is secretary of the IEEE Communication Society Technical Activities Council (TAC) and secretary of the IEEE ComSoc technical committee on Network Operation and Management (CNOM).
