Network Architectures and Services, Georg Carle, Faculty of Informatics, Technische Universität München, Germany
Bootstrapping P2P VPN
Felix Weißl
Chair for Network Architectures and Services Department for Computer Science Technische Universität München
April 3, 2014

Outline
1 Motivation
2 Network Classification
3 Terms
4 Bootstrapping
  1 In unstructured Peer-to-Peer networks
  2 In structured Peer-to-Peer networks
5 Related work
6 Conclusion
Felix Weißl: Bootstrapping P2P VPN 2

Motivation

Client / Server               | Peer-to-Peer
------------------------------+----------------------------------------
centralized                   | decentralized
server dependent              | self-organizing
single point of failure       | robust
server is bottle-neck         | shared resources (bandwidth, CPU), scalable
secure standard protocols     | privacy / security issues
easy connection establishment | bootstrapping problem
easy file management          | network speed usually low
Source: http://upload.wikimedia.org/wikipedia/commons/f/fb/Server-based-network.svg
Source: http://upload.wikimedia.org/wikipedia/commons/3/3f/P2P-network.svg

Network Classification

Virtual Private Networks
- Centralized, e.g. OpenVPN
- Decentralized
  - Unstructured, e.g. Tinc
  - Structured: Distributed Hash Table, e.g. GroupVPN, BitTorrent's distributed tracker
  - Hybrid: Super Nodes, e.g. N2N
Terms

“P2P VPN”:
- decentralized virtual private network
- popular applications: Hamachi, N2N, P2PVPN, Wippien, freelan
Bootstrapping: process of a new peer joining the network
Bootstrapping

1. Peer discovery:
   - discover the network
   - request one or more well-known entry points
2. Rendezvous:
   - try connecting to a peer
   - traversal of NAT devices
3. Relay:
   - scenario: NAT traversal fails
   - third party relays traffic
Bootstrapping N2N

N2N:
- encrypted Layer 2 over Layer 3 private P2P network
- super nodes build the “backbone” of the network
Figure: N2N network with super nodes (source: http://www.ntop.org/wp-content/uploads/2011/08/n2n_network.png)

Bootstrapping N2N

- Peer discovery:
  - required: global IP address of one super node
  - peer list through broadcast messages
- Rendezvous:
  - “peer registration”
  - connection attempt
- Relay through super nodes as a fall-back method
Bootstrapping GroupVPN

- Idea: use an existing public network for configuration exchange, e.g. XMPP, BitTorrent, Gnutella, Brunet
- Brunet:
  - self-organizing ring-structured network
  - nodes organized in a well-defined topology
  - nodes addressable with internal PeerIDs
  - Distributed Hash Table
Bootstrapping GroupVPN

Distributed Hash Table:
- data distributed over a large P2P network
- quick search time for a given item
- keys mapped to nodes
- get / put operations, e.g. “get FOOBAR”
Bootstrapping GroupVPN

Bootstrapping: peer wants to connect to P2P VPN “Private”
1. Peer discovery: peer queries the DHT for peers of the private network
2. Rendezvous: exchange connection messages, NAT traversal
Network Address Translation (NAT):
- overcomes the shortage of IPv4 addresses
- separation of private and public address space
- breaks the end-to-end principle
- blocks new incoming connections → P2P problem

Figure: two peers behind NAT A and NAT B (source: J. Buford, H. Yu, and E. K. Lua. P2P Networking and Applications. Morgan Kaufmann, 2008.)

Bootstrapping GroupVPN
Figure: NAT traversal scenario (source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages 179-192, 2005.)

Bootstrapping GroupVPN
Figure: UDP hole punching (source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages 179-192, 2005.)

Related work
Other techniques for peer discovery:
- social networks: IRC, XMPP
- Dynamic DNS
- Random Access Probing

Other NAT traversal techniques:
- manual: port forwarding
- TCP hole punching
- Autonomous NAT traversal
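As an added example (not part of the slides or of any of the VPN projects named), a toy model of the rendezvous, UDP hole punching and relay fall-back steps from the preceding slides: each NAT keeps a mapping table and only admits inbound packets that match a mapping, which is exactly why NAT "blocks new incoming connections". The NAT kinds, peer addresses and the rendezvous server address are constructed; peers send only to the public endpoint the rendezvous server reported, as in the basic hole punching scheme.

```python
# Added example: simplified NAT model to show when UDP hole punching
# succeeds (direct link) and when the relay fall-back is needed.
# All addresses and NAT behaviours below are constructed for the demo.
from dataclasses import dataclass, field


@dataclass
class Nat:
    """'cone' = endpoint-independent mapping (one public port per
    private socket); 'symmetric' = a fresh public port per destination."""
    public_ip: str
    kind: str = "cone"
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)

    def _key(self, private, dst):
        return (private, dst) if self.kind == "symmetric" else private

    def outbound(self, private, dst):
        """Public endpoint a packet from `private` to `dst` leaves with;
        the first packet opens the mapping (the 'hole')."""
        key = self._key(private, dst)
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, self.next_port)
            self.next_port += 1
        return self.mappings[key]

    def inbound_allowed(self, public, src):
        """A cone mapping admits any source once open (so the VPN layer
        must authenticate peers itself); a symmetric mapping admits only
        the destination that opened it."""
        for key, pub in self.mappings.items():
            if pub == public and (self.kind == "cone" or key[1] == src):
                return True
        return False


def hole_punch(nat_a, nat_b, a_priv=("10.0.0.2", 5000),
               b_priv=("192.168.1.7", 5000), server=("203.0.113.10", 3478)):
    """1. both peers register with rendezvous server S;
       2. S reports each peer's public endpoint to the other;
       3. both send to that endpoint; direct link if both NATs admit it."""
    pub_a = nat_a.outbound(a_priv, server)
    pub_b = nat_b.outbound(b_priv, server)
    from_a = nat_a.outbound(a_priv, pub_b)   # A's packet towards B
    from_b = nat_b.outbound(b_priv, pub_a)   # B's packet towards A
    return nat_b.inbound_allowed(pub_b, from_a) and \
        nat_a.inbound_allowed(pub_a, from_b)


def bootstrap(nat_a, nat_b):
    """Rendezvous step with relay as fall-back when punching fails."""
    return "direct" if hole_punch(nat_a, nat_b) else "relay"
```

With two cone NATs the peers reach each other directly; as soon as one side is symmetric, the reported endpoint no longer matches the hole that was opened and the model falls back to relaying.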
Conclusion

- NAT is still a main issue in P2P bootstrapping
- pure “P2P VPNs” are very rare
- security mechanisms in existing applications are often neglected
Questions