Bootstrapping P2P VPN


Network Architectures and Services, Georg Carle
Faculty of Informatics, Technische Universität München, Germany

Bootstrapping P2P VPN
Felix Weißl
Chair for Network Architectures and Services, Department for Computer Science, Technische Universität München
April 3, 2014

Outline
1 Motivation
2 Network Classification
3 Terms
4 Bootstrapping
  1 In unstructured Peer-to-Peer networks
  2 In structured Peer-to-Peer networks
5 Related work
6 Conclusion

Motivation
Client / Server:
- centralized
- server dependent
- single point of failure
- server is bottleneck
- secure standard protocols
- easy connection establishment
- easy file management
Peer-to-Peer:
- decentralized
- self-organizing
- robust
- shared resources (bandwidth, CPU)
- scalable
- privacy / security issues
- bootstrapping problem
- network speed usually low
Sources: http://upload.wikimedia.org/wikipedia/commons/f/fb/Server-based-network.svg, http://upload.wikimedia.org/wikipedia/commons/3/3f/P2P-network.svg

Network Classification
Virtual Private Networks:
- Unstructured
  - Centralized, e.g. OpenVPN
  - Decentralized, e.g. Tinc
  - Hybrid: Super Nodes, e.g. N2N
- Structured: Distributed Hash Table, e.g. GroupVPN, BitTorrent's distributed tracker

Terms
“P2P VPN”:
- decentralized virtual private network
- popular applications: Hamachi, N2N, P2PVPN, Wippien, freelan
Bootstrapping: process of a new peer joining the network

Bootstrapping
1. Peer discovery:
   - discover the network
   - request one or more well-known entry points
2. Rendezvous:
   - try connecting to a peer
   - traversal of NAT devices
3. Relay:
   - scenario: NAT traversal fails
   - third party relays traffic

Bootstrapping: N2N
N2N:
- encrypted Layer 2 over Layer 3 private P2P network
- super nodes build the “backbone” of the network
Source: http://www.ntop.org/wp-content/uploads/2011/08/n2n_network.png

Bootstrapping: N2N
- Peer discovery:
  - Required: global IP address of one super node
  - Peer list through broadcast messages
- Rendezvous:
  - “Peer registration”
  - connection attempt
- Relay through super nodes as a fall-back method

Bootstrapping: GroupVPN
- Idea: usage of an existing public network for configuration exchange, e.g. XMPP, BitTorrent, Gnutella, Brunet
- Brunet:
  - self-organizing ring-structured network
  - nodes organized in well-defined topology
  - nodes addressable with internal PeerIDs
  - Distributed Hash Table

Bootstrapping: GroupVPN, Distributed Hash Table
- distributed data over large P2P network
- quick search time for given item
- keys mapped to nodes
- get / put operations
- e.g. “get FOOBAR”

Bootstrapping: GroupVPN, Bootstrapping
Peer wants to connect to P2P VPN “Private”
1. Peer discovery: peer queries DHT for private network peers
2. Rendezvous: exchange connection messages, NAT traversal

Bootstrapping: GroupVPN, Network Address Translation (NAT)
- overcome shortage of IPv4 addresses
- separation of private and public address space
- breaks end-to-end principle
- blocks new incoming connections → P2P problem
Figure (NAT A, NAT B). Source: J. Buford, H. Yu, and E. K. Lua. P2P Networking and Applications. Morgan Kaufmann, 2008.

Bootstrapping: GroupVPN, NAT Traversal scenario
Figure. Source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages 179-192, 2005.

Bootstrapping: GroupVPN, UDP Hole Punching
Figure. Source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages 179-192, 2005.

Related work
Other techniques for peer discovery:
- Social networks: IRC, XMPP
- Dynamic DNS
- Random Access Probing
Other NAT traversal techniques:
- manual: port forwarding
- TCP hole punching
- Autonomous NAT traversal

Conclusion
- NAT still a main issue in P2P bootstrapping
- pure “P2P VPNs” very rare
- security mechanisms in existing applications often neglected
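Added example (not from the slides): a small Python simulation of the three bootstrapping steps, with DHT peer discovery and UDP hole punching, showing why a NAT drops unsolicited inbound packets and when the relay fall-back is needed. The `Nat` class, `join` function, all addresses, and the symmetric-NAT failure case are illustrative assumptions; NAT objects are stored in the DHT list only as a simulation shortcut.

```python
import hashlib
import itertools

RENDEZVOUS = ("198.51.100.1", 3478)  # constructed well-known entry point

class Nat:
    """Port-restricted NAT: inbound is dropped unless the inside host
    already sent to that exact remote endpoint from that public port."""
    def __init__(self, public_ip, symmetric=False):
        self.public_ip, self.symmetric = public_ip, symmetric
        self._ports = itertools.count(40000)
        self._map = {}      # (inside_ep, dst or None) -> public port
        self._allowed = {}  # public port -> remote endpoints sent to

    def send(self, inside_ep, dst):
        # Cone NAT reuses one mapping; symmetric NAT maps per destination.
        key = (inside_ep, dst if self.symmetric else None)
        if key not in self._map:
            self._map[key] = next(self._ports)
        port = self._map[key]
        self._allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)  # source endpoint seen from outside

    def accepts(self, src, public_ep):
        return src in self._allowed.get(public_ep[1], set())

def dht_key(network):
    return hashlib.sha1(network.encode()).hexdigest()

def join(dht, network, nat, inside_ep):
    """Run steps 1-3 for a new peer; returns {peer_endpoint: 'direct'|'relay'}."""
    seen = nat.send(inside_ep, RENDEZVOUS)        # endpoint the entry point observes
    peers = dht.setdefault(dht_key(network), [])  # 1. peer discovery (DHT "get")
    result = {}
    for p_seen, p_nat, p_inside in peers:
        # 2. rendezvous: both sides send to the other's observed endpoint
        my_src = nat.send(inside_ep, p_seen)
        peer_src = p_nat.send(p_inside, seen)
        punched = p_nat.accepts(my_src, p_seen) and nat.accepts(peer_src, seen)
        result[p_seen] = "direct" if punched else "relay"  # 3. relay fall-back
    peers.append((seen, nat, inside_ep))          # DHT "put" of own endpoint
    return result

if __name__ == "__main__":
    dht = {}
    print(join(dht, "Private", Nat("203.0.113.10"), ("10.0.0.2", 5000)))
    print(join(dht, "Private", Nat("203.0.113.20"), ("192.168.1.5", 5000)))
    print(join(dht, "Private", Nat("203.0.113.30", symmetric=True), ("172.16.0.9", 5000)))
```

The third peer sits behind a symmetric NAT, so the port the entry point observed is not the port it uses toward each peer; hole punching fails in both directions and traffic has to be relayed.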
