Criticisms of I3Criticisms of I3

Jack LangeJack Lange

General IssuesGeneral Issues

►DesignDesign►PerformancePerformance►PracticalityPracticality

LimitationsLimitations

►Subscription based model of Subscription based model of communicationcommunication

►Must know the IDs to subscribe toMust know the IDs to subscribe to►Must know of at least one I3 serverMust know of at least one I3 server►Unreliable serviceUnreliable service

►Maybe useful for multicast, anycast, Maybe useful for multicast, anycast, and mobilityand mobility

LocationLocation

►Hash based trigger locationsHash based trigger locations Random, non-optimalRandom, non-optimal

►Triangular routing problemTriangular routing problem Solution: use private triggers near bySolution: use private triggers near by Requires thorough knowledge of the Requires thorough knowledge of the

overlayoverlay Basically, end hosts are responsible for Basically, end hosts are responsible for

routingrouting

Location/HashingLocation/Hashing

►They continuously make two They continuously make two conflicting assumptions…conflicting assumptions…

►They either use or don’t use hashing They either use or don’t use hashing whenever it is convenient.whenever it is convenient. Load balancingLoad balancing

► solved by hashingsolved by hashing

Triangular routing Triangular routing ►solved by choosing optimal I3 nodesolved by choosing optimal I3 node►All the traffic is going through a chosen idAll the traffic is going through a chosen id

UsabilityUsability

► “Thus, it is important that it not require extensive manual configuration or human intervention.”

► “…end-hosts wishing to use i3 can locate at least one server using a similar bootstrapping technique; knowledge of a single server is all that’s needed to fully utilize the i3 infrastructure.”

► This is misleadingThis is misleading A lot of their features depend on end hosts knowing A lot of their features depend on end hosts knowing

about the overlayabout the overlay

UDP and TCPUDP and TCP

► Supposedly I3 should work with unmodified Supposedly I3 should work with unmodified applicationsapplications

► UDP is the only transport mechanism that UDP is the only transport mechanism that can use I3. (Section 4.9)can use I3. (Section 4.9)

► TCP would be brokenTCP would be broken Multiple receiversMultiple receivers End host failures aren’t detectedEnd host failures aren’t detected Congestion avoidance and flow control don’t Congestion avoidance and flow control don’t

workwork► End host failures not detected for 15s on End host failures not detected for 15s on

average, up to 30saverage, up to 30s

SecuritySecurity

► “…our goal is to design simple and efficient solutions that make i3 not worse and in many cases better than today’s Internet. The solutions outlined in this section should be viewed as a starting point towards more sophisticated and better security solutions that we will develop in the future.”

► 2 issues:2 issues: It is worseIt is worse ““that we will develop” – Mentality issue

►The mantra of “build it, then make it secure” is naive

SecuritySecurity

►EavesdroppingEavesdropping Mitigated by private(?) ids -- only way to Mitigated by private(?) ids -- only way to

make it securemake it secure BUT: I3 still allows users to receive BUT: I3 still allows users to receive

anything they want, hiding the channel anything they want, hiding the channel just makes it harder to findjust makes it harder to find

IP does not have eavesdropping IP does not have eavesdropping capabilities DESIGNED into the systemcapabilities DESIGNED into the system

SecuritySecurity

►Denial of ServiceDenial of Service Mechanisms to prevent end host floodingMechanisms to prevent end host flooding Mechanisms to prevent loopingMechanisms to prevent looping What about a DOS aimed at a single I3 What about a DOS aimed at a single I3

node?node?►Does not require loopsDoes not require loops

AnonymityAnonymity

►Anybody can listen to a common Anybody can listen to a common triggertrigger

►Back tracing to the sender is then Back tracing to the sender is then possiblepossible

►Solutions:Solutions: Encryption or trigger chainsEncryption or trigger chains Adds overheadAdds overhead

►Nobody knows how much…Nobody knows how much…

PerformancePerformance

►So how well is this going to work?So how well is this going to work?

►Well, nobody really knows.Well, nobody really knows.►They say its only a proof of conceptThey say its only a proof of concept

Carrier pigeons have also been proven to Carrier pigeons have also been proven to workwork

And does it even succeed as a proof of And does it even succeed as a proof of concept?concept?

Performance TestbedPerformance Testbed

► “The testbed used for all of our experiments was a cluster of Pentium III 700 MHz machines running Linux. We ran tests on systems of up to 32 nodes, with each node running on its own processor. The nodes communicated over a shared 1 Gbps Ethernet.”

Multicast(?)Multicast(?)

►“Since we didn’t enable multicast, in our experiments there was never more than one address.”

►All they tested was point to point traffic… Why do we need this for point to point?Why do we need this for point to point? Shouldn’t they have at least checked if it Shouldn’t they have at least checked if it

worked for the situations they were trying worked for the situations they were trying to address?to address?

WAN(?)WAN(?)

► “The nodes communicated over a shared 1 Gbps Ethernet.” Isn’t this supposed to work over the WAN We see how the overhead effects the system…

►At least the overhead they implemented…. But that’s it

►A lot of stuff wasn’t even tested… Triangular routing problems Node failures Trigger chaining End host routing

Comparison(?)Comparison(?)

►Absolutely none, but it is just a proof Absolutely none, but it is just a proof of conceptof concept

►How well does it work compared to How well does it work compared to other overlays?other overlays?

►How well does it work compared to How well does it work compared to just regular IP?just regular IP?

PracticalityPracticality

► ““We don’t know what the economic model of would be and whether its most likely deployment would be as a single provider for-profit service (like content distribution networks), or a multiprovider for-profit service (like ISPs), or a cooperatively managed nonprofit infrastructure.”

► “…i3 faces significant hurdles before ever being deployed.”

Single ProviderSingle Provider

►Akamai like service modelAkamai like service model Akamai has servers all over the worldAkamai has servers all over the world Akamai is transparent to the end userAkamai is transparent to the end user Will the business model support this level Will the business model support this level

of infrastructure?of infrastructure?

Multiple ProvidersMultiple Providers

►We just saw that BGP is totally kludged We just saw that BGP is totally kludged together to take into account multiple together to take into account multiple providers’ policy…providers’ policy…

► I3 takes all that awayI3 takes all that away

Cooperative non-profitCooperative non-profit

►Might WorkMight Work As long as nobody uses itAs long as nobody uses it Somone, somewhere is going to have to Somone, somewhere is going to have to

pay for itpay for it

Present timePresent time

►So where is it?So where is it?►Has anyone heard of a service that Has anyone heard of a service that

resembles I3?resembles I3?►Multicast overlay research is still very Multicast overlay research is still very

popular.popular.