Overlay Network Mechanisms for Peer-To-Peer Systems

Total Page:16

File Type:pdf, Size:1020Kb

Overlay Network Mechanisms for Peer-To-Peer Systems Overlay Network Mechanisms for Peer-to-Peer Systems Vom Fachbereich Informatik der Technischen Universität Darmstadt genehmigte Dissertationsschrift in englischer Sprache von M.A.Sc. Vasilios Darlagiannis geboren am 08.06.1973 in Kozani, Griechenland zur Erlangung des Grades eines Doktor-Ingenieur (Dr.-Ing.) Darmstadt 2005 Hochschulkennziffer D17 Erstreferent: Prof. Dr.-Ing. Ralf Steinmetz Korreferent: Prof. Nicolas D. Georganas (Ph.D.) Tag der Einreichung: 29.04.2005 Tag der Disputation: 14.06.2005 Kurzfassung (Deutsch) Das Peer-to-Peer (P2P) Paradigma bietet einen alternativen Designansatz für Verteilte Systeme, das die Forderung nach einem dedizierten Dienstanbieter, wie im Client-Server Fall notwendig, lockert. Der P2P-Ansatz ergründet das Potential Verteilte Systeme zu schaffen, die auf Ressourcen und Diensten beruhen, die durch jedes End-Gerät, das an ein herkömmliches Kommunikationsnetz wie das Internet angeschlossen ist, zur Verfügung gestellt werden. Verteilte Systeme basierend auf dem P2P-Paradigma formen, virtuelle Netzwerke, so genannte Overlay-Netzwerke, die auf physikalischen Telekommunikations- netzwerken aufsetzen. Ein Overlay-Netzwerk ist hierbei eine notwendige Abstraktion, die sowohl die funktionalen Anforderungen, wie z. B. Verbindungsverwaltung, Indezierung und Routing, erfüllen muss, als auch nicht-funktionale Eigenschaften, wie z. B. Skalierbar- keit, Ausfallsicherheit und Lastausgleich, berücksichtigen sollte. Eine Herausforderung ist hierbei Overlay-Netzwerke so zu gestalten, dass die gestellten Anforderungen befriedigt werden und gleichzeitig potentielle Konflikte zwischen diesen Anforderungen auf geeignete Weise gelöst werden. Diese Dissertationsschrift erforscht eine neuartige Architektur zur Entwicklung von effizi- enten Overlay-Netzwerken für P2P-Systeme, welche die wichtigsten Charakteristiken von häufig eingesetzten Systemen berücksichtigt. Im speziellen wird die Anzahl von Teilneh- mern berücksichtigt, die zu Skalierbarkeits- und Erweiterbarkeits-Problemen führen kann. Darüber hinaus befasst sich die Arbeit mit dem unkontrollierbaren und schwer vorherzu- sehenden Verhalten der Knoten von P2P-Systemen, was zu hoch dynamischen, schwan- kenden und veränderlichen Overlay-Netzwerk-Topologien führt. Durch dieses Verhalten wird der Entwurf ausfallsicherer und stabiler Systeme, die effizient und mit minimalen Wartungskosten betrieben werden können, zur Herausforderung. Zusätzlich muss auch die intrinsische Heterogenität der physischen Eigenschaften und das Benutzerverhalten be- rücksichtigt werden, die eine gerechte Verteilung der Aufgaben erschwert. Um die oben aufgeführten Anforderungen zu erfüllen, wurde eine Anzahl von Mechanismen entworfen. Für die Netzwerktopologie wir die Nutzung von de Bruijn-Graphen vorgeschla- gen. Sie besitzen attraktive Eigenschaften, da ihr Graph-Durchmesser logarithmisch zur Grösse des Graphen wächst, sogar bei konstanter Kantenzahl. Dies ist besonders nütz- lich, um den Anforderungen an Skalierbarkeit mit minimalen Wartungskosten gerecht zu werden. Jedoch erweist sich hierbei die nur exponentielle Erweiterbarkeit von de Bruijn- Graphen als Problem. Ein Algorithmus zum Aufbau von Graphen basierend auf lokaler Information wurde vorgeschlagen, um de Bruijn-Varianten mit inkrementellen Erweite- rungseigenschaften zu definieren. Darüber hinaus gibt es aber auch Bedenken bzgl. der Ausfallssicherheit wegen der konstante Anzahl von Kanten pro Knoten, die vorzugsweise iii so klein wie möglich sein sollte, um die Wartungskosten des Graphen gering zu halten. Dieses Problem wird durch die Einführung von Peer-Cluster, durch die Zuverlässigkeit ga- rantiert wird, und eine so genannte Two-Tier-Topologie, bei der die de Bruijn-Strukur auf die Inter-Cluster-Verbindungen angewandt wird, adressiert. Durch diese hybride Topologie ergibt sich ein wohl strukturiertes Netzwerk. Parallel hierzu erlaubt dies die Wahl direkter Nachbar-Peers unter mehreren Peers eines Nachbar-Clusters. Dies wird duch unterschied- liche Richtlinien und Metriken gesteuert, d.h. einer effizienten Abbildung auf die unter- liegende Netzwerkstruktur oder durch so genannte Trust-Level-Richtlinien. Ferner werden Mechanismen für die Intra-Cluster-Organisation vorgeschlagen, die die Heterogenität der einzelnen Peers einbeziehen. Hierfür wurde ein Rollen-basierter Ansatz entwickelt. Die all- gemeinen Kernoperationen von P2P-Overlay-Netzwerken wurden identifiziert, wobei jeder Operation eine Rolle zugeordnet wurde. Vier Basis-Rollen wurden identifiziert: Routers, Cachers, Indexers und Maintainers. Peers werden Rollen aufgrund ihrer Fähigkeiten und vorhergesagtem Verhalten zugewiesen, damit jeder Peer effizient und ohne die Gesamt- leistung des Systems zu behindern oder zu verringern zum System beiträgt. Zuverlässige Regeln sorgen hierbei für ausgeglichene Beiträge eines jedes Peers, was zu einer gerechten Lösung führt. Die vorgeschlagene Architektur wurde im Omicron-Ansatz umgesetzt. Das resultierende System wurde sowohl analytisch als auch durch Simulation evaluiert. Der analytische Ansatz basiert auf stochastischer Modellierung sowie der Analyse und Evaluation der Mechanismen, die Daten von empirischen Untersuchungen breit eingesetz- ter P2P Systemen berücksichtigt. Des weiterer werden so genannte "burn-in" Methoden, die verhältnisbezogene Zuverlässigkeitsbetrachtungsweisen nutzen, zur Optimierung der Rollenzuordnung eingesetzt. Für die Simulation wurde ein Werkzeug benötigt, das in der Lage ist, die Dynamik des Be- nutzerverhalten, die Eigenschaften des unterliegenden Netzwerks und das Zusammenspiel der eingebundnen P2P-Protokolle abzubilden. Für die Evaluation der Arbeit wurde ein solches Werkzeug basierend auf einer offenen Architektur entwickelt, das ebenfalls andere wichtige Ansätze einschliesst. Damit werden vergleichende quantitative Leistungsmessun- gen für eine Vielzahl verschiedener interessanter Einsatzszenarien ermöglicht. Sowohl die Ergebnisse der Analyse als auch der Simulation bestätigen das überlegene De- sign von Omicron für grosse, dynamische und heterogene Umgebungen, und seine Fähigkeit effizient die grosse Zahl von Zielkonflikten der Anforderungsbeschränkungen aufzulösen. iv Abstract The Peer-to-Peer (P2P) paradigm provides an alternative design approach for distributed systems, which relaxes the requirement for dedicated service providers as it is the case in client-server systems. The P2P approach explores the potential to create distributed systems based on the resources and the services that can be provided by any end-point device connected to a common communication medium, i.e. the Internet. P2P-based dis- tributed systems develop dedicated virtual networks on top of physical telecommunication networks, the so-called overlay networks. An overlay network is a mandatory abstraction from physical networks to both flexibly fulfill functional requirements such as connectivity maintenance, indexing and routing, as well as to satisfy non-functional ones, such as scala- bility, fault-tolerance and load-balance. A challenging aspect in designing overlay networks is the satisfaction of the posed requirements, while coping with potential conflicts among them in a customizable way. This thesis investigates a novel architecture for designing effective overlay networks for P2P systems that considers the most important characteristics of widely deployed systems. In particular, the large number of participants is considered, which introduces network scala- bility and expandability issues. Moreover, the thesis is concerned with their uncontrollable and difficult to predict behavior, which causes highly dynamic and fluctuating overlay net- work topologies. Such behavior makes it challenging to design resilient and stable systems that can operate effectively with minimum maintenance cost. Additionally, an important consideration is the intrinsic heterogeneity of their physical capabilities and user behavior that aggravates the problem of even workload distribution. A number of mechanisms have been devised to meet the aforementioned requirements. Starting with the network topology, the usage of de Bruijn graphs is proposed. Their attractive characteristic of having a logarithmically increasing diameter, even when nodes have fixed degree, is particularly useful to address the scalability requirement with mini- mum maintenance cost. However, the exponential expandability is an intrinsic issue for de Bruijn graphs. A graph construction algorithm based only on local information has been proposed to define de Bruijn variants with incremental expandability properties. More- over, the fixed node degree (preferably as small as possible to keep the graph maintenance costs low) poses resiliency concerns. This matter is addressed with the introduction of peer clusters that guarantee their reliability and with a two-tier topology where the de Bruijn structure applies at the inter-cluster connections. This hybrid topology provides a tightly structured network. In parallel, it gives the freedom of selecting neighbor peers from sev- eral members of the neighbor clusters. This selection can be driven by various policies and metrics, i.e., by the efficient mapping to the underlying network or by satisfying trust-level v requirements. Additional mechanisms have been proposed for the intra-cluster organiza- tion that deals with peer heterogeneity. For this issue, a role-based approach has been investigated. The common, basic operations of P2P overlay networks have been identified assigning a role to each of them. More specifically, four core roles have been identified:
Recommended publications
  • Overlay Networks EECS 122: Lecture 18
    Overlay Networks EECS 122: Lecture 18 Department of Electrical Engineering and Computer Sciences University of California Berkeley What is an overlay network? A network defined over another set of networks A The overlay addresses its own nodes A’ A Links on one layer are network segments of lower layers Requires lower layer routing to be utilized Overlaying mechanism is called tunneling March 23, 2006 EE122, Lecture 18, AKP 2 1 Overlay Concept C5 7 4 8 6 11 2 10 A1 3 13 B12 Overlay Network Nodes March 23, 2006 EE122, Lecture 18, AKP 3 Overlay Concept C5 7 4 8 6 11 2 10 A1 3 13 B12 Overlay Networks are extremely popular Akamai, Virtual Private Networks, Napster, Gnutella, Kazaa, Bittorrent March 23, 2006 EE122, Lecture 18, AKP 4 2 Why overlay? Filesharing Example Single point of failure Performance bottleneck m5 Copyright infringement m6 E F D E? m1 A E m2 B m4 m3 C file transfer is m4 D Napster E? decentralized, but m5 E m5 locating content m6 F is highly C centralized A B m3 m1 m2 March 23, 2006 EE122, Lecture 18, AKP 5 Build an Overlay Network Underlying Network March 23, 2006 EE122, Lecture 18, AKP 6 3 Build an Overlay Network The underlying network induces a complete graph of connectivity No routing required! Underlying Network March 23, 2006 EE122, Lecture 18, AKP 7 Overlay The underlying network induces a complete graph of connectivity 10 No routing required! But 200 100 One virtual hop may be many 90 underlying hops away. 90 100 Latency and cost vary significantly over the virtual links 10 100 20 State information may grow with E (n^2) 10 March 23, 2006 EE122, Lecture 18, AKP 8 4 Overlay The underlying network induces a complete graph of connectivity No routing required! 1 2 But One virtual hop may be many underlying hops away.
    [Show full text]
  • Adaptive Lookup for Unstructured Peer-To-Peer Overlays
    Adaptive Lookup for Unstructured Peer-to-Peer Overlays K Haribabu, Dayakar Reddy, Chittaranjan Hota Antii Ylä-Jääski, Sasu Tarkoma Computer Science & Information Systems Telecommunication Software and Multimedia Laboratory Birla Institute of Technology & Science Helsinki University of Technology Pilani, Rajasthan, 333031, INDIA TKK, P.O. Box 5400, Helsinki, FINLAND {khari, f2005462, c_hota}@bits-pilani.ac.in {[email protected], [email protected]}.fi Abstract— Scalability and efficient global search in unstructured random peers but at specified locations that will make peer-to-peer overlays have been extensively studied in the subsequent queries more efficient. Most of the structured P2P literature. The global search comes at the expense of local overlays are Distributed Hash Table (DHT) based. Content interactions between peers. Most of the unstructured peer-to- Addressable Network (CAN) [6], Tapestry [7], Chord [8], peer overlays do not provide any performance guarantee. In this Pastry [9], Kademlia [10] and Viceroy [11] are some examples work we propose a novel Quality of Service enabled lookup for of structured P2P overlay networks. unstructured peer-to-peer overlays that will allow the user’s query to traverse only those overlay links which satisfy the given In unstructured P2P network, lookup is based on constraints. Additionally, it also improves the scalability by forwarding the queries [12]. At each node the query is judiciously using the overlay resources. Our approach selectively forwarded to neighbors. Unless the peer finds the item or the forwards the queries using QoS metrics like latency, bandwidth, hop count of the query reaches zero, query is forwarded to and overlay link status so as to ensure improved performance in neighbors.
    [Show full text]
  • Qos-Assured Service Composition in Managed Service Overlay Networks
    QoS-Assured Service Composition in Managed Service Overlay Networks Xiaohui Gu, Klara Nahrstedt Rong N. Chang, Christopher Ward Department of Computer Science Network Hosted Application Services University of Illinois at Urbana-Champaign IBM T.J. Watson Research Center ¡ ¡ ¢ xgu, klara ¢ @ cs.uiuc.edu rong, cw1 @ us.ibm.com Abstract Service Provider: XXX.com service Service Overlay Network instance X service instance (SON) service Z Many value-added and content delivery services are instance being offered via service level agreements (SLAs). These SON Y Portal services can be interconnected to form a service overlay network (SON) over the Internet. Service composition in SON Access SON has emerged as a cost-effective approach to quickly Domain creating new services. Previous research has addressed the reliability, adaptability, and compatibility issues for com- posed services. However, little has been done to manage SON generic quality-of-service (QoS) provisioning for composed SON Portal Portal services, based on the SLA contracts of individual ser- SON Access SON Access Domain vices. In this paper, we present QUEST, a QoS assUred Domain composEable Service infrasTructure, to address the prob- lem. QUEST framework provides: (1) initial service com- Figure 1. Illustration of the Service Overlay position, which can compose a qualified service path under Network Model. multiple QoS constraints (e.g., response time, availability). If multiple qualified service paths exist, QUEST chooses the best one according to the load balancing metric; and (2) dynamic service composition, which can dynamically re- and peer-to-peer file sharing overlays [2]. Beyond this, we compose the service path to quickly recover from service envision the emergence of service overlay networks (SON), outages and QoS violations.
    [Show full text]
  • Multicasting Over Overlay Networks – a Critical Review
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 2, No. 3, March 2011 Multicasting over Overlay Networks – A Critical Review M.F.M Firdhous Faculty of Information Technology, University of Moratuwa, Moratuwa, Sri Lanka. [email protected] Abstract – Multicasting technology uses the minimum network internet due to the unnecessary congestion caused by resources to serve multiple clients by duplicating the data packets broadcast traffic that may bring the entire internet down in a at the closest possible point to the clients. This way at most only short time. one data packets travels down a network link at any one time irrespective of how many clients receive this packet. Traditionally Using the network layer multicast routers to create the multicasting has been implemented over a specialized network backbone of the internet is not that attractive as these routers built using multicast routers. This kind of network has the are more expensive compared to unicast routers. Also, the drawback of requiring the deployment of special routers that are absence of a multicast router at any point in the internet would more expensive than ordinary routers. Recently there is new defeat the objective of multicasting throughout the internet interest in delivering multicast traffic over application layer downstream from that point. Chu et al., have proposed to overlay networks. Application layer overlay networks though replace the multicast routers with peer to peer clients for built on top of the physical network, behave like an independent duplicating and forwarding the packets to downstream clients virtual network made up of only logical links between the nodes.
    [Show full text]
  • Overlay Networks
    OVERLAY NETWORKS An overlay network is an application-specific computer network built on top of another network. In other words, an overlay network creates a virtual topology on top of the physical topology. This type of network is created to protect the existing network structure from new protocols whose testing phases require Internet use. Such networks protect packets under test while isolating them from the main networking infrastructure in a test bed. Figure 6.11 shows an overlay network configured over a wide area network. Nodes in an overlay network can be thought of as being connected by logical links. In Figure 6.11, for example, routers R4, R5, R6, and R1 are participating in creating an overlay network where the interconnection links are realized as overlay logical links. Such a logical link corresponds to a path in the underlying network. An obvious example of these networks is the peer-to-peer network, which runs on top of the Internet. Overlay networks have no control over how packets are routed in the underlying network between a pair of overlay source/destination nodes. However, these networks can control a sequence of overlay nodes through a message-passing function before reaching the destination. Figure 6.11. An overlay network for connections between two LANs associated with routers R1 and R4 For various reasons, an overlay network might be needed in a communication system. An overlay network permits routing messages to destinations when the IP address is not known in advance. Sometimes, an overlay network is proposed as a method to improve Internet routing as implemented in order to achieve higher-quality streaming media.
    [Show full text]
  • SIP on an Overlay Network
    SIP on an Overlay Network XIAO WU KTH Information and Communication Technology Master of Science Thesis Stockholm, Sweden 2009 TRITA-ICT-EX-2009:105 SIP on an Overlay Network Xiao Wu 14 September 2009 Academic Supervisor and Examiner: Gerald Q. Maguire Jr. Industrial supervisor: Jorgen Steijer, Opticall AB School of Information and Communication Technology Royal Institute of Technology (KTH) Stockholm, Sweden Abstract With the development of mobile (specifically: wide area cellular telephony) technology, users’ requirements have changed from the basic voice service based on circuit switch technology to a desire for high speed packet based data transmission services. Voice over IP (VoIP), a packet based service, is gaining increasing attention due to its high performance and low cost. However, VoIP does not work well in every situation. Today Network address translation (NAT) traversal has become the main obstruction for future VoIP deployment. In this thesis we analyze and compare the existing NAT traversal solutions. Following this, we introduce a VoIP over IPSec (VOIPSec) solution (i.e., a VoIP over IPSec virtual private network (VPN) scheme) and an extended VOIPSec solution mechanism. These two solutions were tested and compared to measure their performance in comparison to a version of the same Session Initiation Protocol (SIP) user agent running without IPSec. In the proposed VOIPSec solution, the IPSec VPN tunnel connects each of the SIP clients to a SIP server, thus making all of the potential SIP participants reachable, i.e., solving the NAT traversal problem. All SIP signaling and media traffic for VoIP calls are transmitted through this prior established tunnel.
    [Show full text]
  • Title: P2P Networks for Content Sharing
    Title: P2P Networks for Content Sharing Authors: Choon Hoong Ding, Sarana Nutanong, and Rajkumar Buyya Grid Computing and Distributed Systems Laboratory, Department of Computer Science and Software Engineering, The University of Melbourne, Australia (chd, sarana, raj)@cs.mu.oz.au ABSTRACT Peer-to-peer (P2P) technologies have been widely used for content sharing, popularly called “file-swapping” networks. This chapter gives a broad overview of content sharing P2P technologies. It starts with the fundamental concept of P2P computing followed by the analysis of network topologies used in peer-to-peer systems. Next, three milestone peer-to-peer technologies: Napster, Gnutella, and Fasttrack are explored in details, and they are finally concluded with the comparison table in the last section. 1. INTRODUCTION Peer-to-peer (P2P) content sharing has been an astonishingly successful P2P application on the Internet. P2P has gained tremendous public attention from Napster, the system supporting music sharing on the Web. It is a new emerging, interesting research technology and a promising product base. Intel P2P working group gave the definition of P2P as "The sharing of computer resources and services by direct exchange between systems". This thus gives P2P systems two main key characteristics: • Scalability: there is no algorithmic, or technical limitation of the size of the system, e.g. the complexity of the system should be somewhat constant regardless of number of nodes in the system. • Reliability: The malfunction on any given node will not effect the whole system (or maybe even any other nodes). File sharing network like Gnutella is a good example of scalability and reliability.
    [Show full text]
  • Agile Protocols: an Application of Active Networking to Censor–Resistant Publishing Networks
    AGILE PROTOCOLS: AN APPLICATION OF ACTIVE NETWORKING TO CENSOR–RESISTANT PUBLISHING NETWORKS by Robert Preston Riekenberg Ricci A Senior Honors Thesis Submitted to the Faculty of the University of Utah in Partial Fulfillment of the Requirements for the Honors Degree of Bachelor of Science in Computer Science APPROVED: Jay Lepreau Thomas C. Henderson Supervisor Director, School of Computing Laurence P. Sadwick Richard D. Rieke Departmental Honors Advisor Director, Honors Program August 2001 ABSTRACT In this thesis we argue that content distribution in the face of censorship is an appropriate and feasible application of active networking. In the face of a determined and powerful adversary, every fixed protocol can become known and subsequently monitored, blocked, or its member nodes identified and attacked. Rapid and diverse protocol change is key to allowing information to continue to flow. Typically, decentralized protocol evolution is also an important aspect in providing censor-resistance for publishing networks. These goals can be achieved with the help of active networking techniques, by allowing new protocol implementations, in the form of mobile code, to spread throughout the network. A programmable overlay network can provide protocol change and decentralized protocol evolution. Such a system, however, will need to take steps to ensure that programmability does not present excessive security threats to the network. Runtime isolation, protocol confidence ratings, encryption, and resource control are vital in this respect. We have prototyped such a system as an extension to Freenet, a storage and retrieval system whose goals include censor resistance and anonymity for informa- tion publishers and consumers. Our prototype implements many of the mechanisms discussed in this thesis, indicating that our proposed ideas are feasible to imple- ment.
    [Show full text]
  • An Efficient and Secure Peer-To-Peer Overlay Network
    An Efficient and Secure Peer-to-Peer Overlay Network Honghao Wang, Yingwu Zhu and Yiming Hu Department of Electrical & Computer Engineering and Computer Science University of Cincinnati {wanghong, zhuy, yhu}@ececs.uc.edu ¡ £ ¥ § © Abstract hops, a single hop may across two nodes con- nected via a high speed LAN, or two separated by a low- Most of structured P2P overlays exploit Distributed bandwidth, long-latency link across half the world, which Hash Table (DHT) to achieve an administration-free, fault will cause significant latency. Proximity Neighbor Selec- tolerant overlay network and guarantee to deliver a mes- tion (PNS) were widely used to optimize overlay routing. ¡ £ ¥ § © sage to the destination within hops. While elegant However, latest research [4] has pointed out that the la- from a theoretical perspective, those systems face diffi- tency of last few hops in a PNS based routing still approxi- culties under an open environment. Not only frequently mated 1.5 times the average round trip time in the underly- joining and leaving of nodes generate enormous mainte- ing network. In order to handle system churn, frequently nance overhead, but also various behaviors and resources joining and leaving of nodes, overlays should repeatedly of peers compromise overlay performance and secu- fresh their routing tables, which generate enormous mainte- rity. nance traffic. Based on the default maintenance periods for Instead of building P2P overlay from the theoretical Bamboo [13, 12], a latest designed DHT system, the total view, this paper builds the overlay network from the per- maintenance traffic is about 7.5 times larger than the same spective of the physical network.
    [Show full text]
  • Measuring I2P Censorship at a Global Scale
    Measuring I2P Censorship at a Global Scale Nguyen Phong Hoang Sadie Doreen Michalis Polychronakis Stony Brook University The Invisible Internet Project Stony Brook University Abstract required flexibility for conducting fine-grained measurements on demand. We demonstrate these benefits by conducting an The prevalence of Internet censorship has prompted the in-depth investigation of the extent to which the I2P (invis- creation of several measurement platforms for monitoring ible Internet project) anonymity network is blocked across filtering activities. An important challenge faced by these different countries. platforms revolves around the trade-off between depth of mea- Due to the prevalence of Internet censorship and online surement and breadth of coverage. In this paper, we present surveillance in recent years [7, 34, 62], many pro-privacy and an opportunistic censorship measurement infrastructure built censorship circumvention tools, such as proxy servers, virtual on top of a network of distributed VPN servers run by vol- private networks (VPN), and anonymity networks have been unteers, which we used to measure the extent to which the developed. Among these tools, Tor [23] (based on onion rout- I2P anonymity network is blocked around the world. This ing [39,71]) and I2P [85] (based on garlic routing [24,25,33]) infrastructure provides us with not only numerous and ge- are widely used by privacy-conscious and censored users, as ographically diverse vantage points, but also the ability to they provide a higher level of privacy and anonymity [42]. conduct in-depth measurements across all levels of the net- In response, censors often hinder access to these services work stack.
    [Show full text]
  • Best Practice Considerations for Kubernetes Network
    WHITE PAPER BEST PRACTICE CONSIDERATIONS FOR KUBERNETES NETWORK MANAGEMENT This paper provides guidelines and recommendations for selecting and planning the implementation of Kubernetes-managed overlay networks. This paper examines the implementation of the Flannel, a popular overlay network, within the context of the design considerations set forth in this document. The intended audience for this guide are Table of individuals involved in the architecture or implementation of Kubernetes. This guide contents focuses on Kubernetes deployed within the context of a private data center. • Networking in The number of tools available for IP address management, network traffic flow Kubernetes management, and segmentation in a containerized application is enormous. New tools for managing overlay networks emerge frequently, and tracking evolving feature sets can • IP address be a prohibitively time-consuming task. This paper provides guidance for tool selection management and considerations for architecture and implementation. While this document does not • Overlay networks cover every possible network configuration for Kubernetes clusters, following these • Segmentation and guidelines will enable more graceful scaling from an operational standpoint, and higher- policy enforcement resolution observables for better-quality security visibility. • Focus on Flannel • Summary Networking in Kubernetes The basic unit of a Kubernetes deployment is called a pod. A pod is a collection of resources that includes storage, a virtual network interface, and at least one container. Nodes are the hosts that run Kubernetes pods. Kubernetes assigns a unique IP address to each pod, and each pod in a Kubernetes cluster can reach every other pod – as well as every Kubernetes application node – via a simple IP routing.
    [Show full text]
  • Peer to Peer and SPAM in the Internet
    Networking Laboratory Department of Electrical and Communications Engineering Helsinki University of Technology Peer to Peer and SPAM in the Internet Report based a Licentiate Seminar on Networking Technology Fall 2003 Editor: Raimo Kantola Abstract: This report is a collection of papers prepared by PhD students on Peer-to-Peer applications and unsolicited e-mail or spam. The phenomena are covered from different angles including the main algorithms, protocols and application programs, the content, the operator view, legal issues, the economic aspects and the user point of view. Most papers are based on literature review including the latest sources on the web, some contain limited simulations and a few introduce new ideas on aspects of the phenomena under scrutiny. Before presenting the papers we will try to give some economic and social background to the phenomena. Overall, the selection of papers provides a good overview of the two phenomena providing light into what is happening in the Internet today. Finally, we provide a short discussion on where the development is taking us and how we should react to these new phenomena. Acknowledgements My interest in Peer-to-peer traffic and applications originates in the discussions that took place in the Special Interest Group on Broadband networks hosted within the TEKES NETS program during 2003. In particular, I would like to thank Pete Helenius of Rommon for his insights. The Broadband group organised an open seminar in Dipoli on November 20th that brought the topic into a wider discussion involving people from both the networking side as well as the content business.
    [Show full text]