![Page 1: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/1.jpg)
An Axiomatic Basis for Communication
M. Karsten1, S. Keshav1, and S. Prasad2
1University of Waterloo2IIT Delhi
![Page 2: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/2.jpg)
Did you know that...?
For example:
•NAT = ATM
•DNS: Forwarding overlay
•Source routing is heavily used in the Internet
![Page 3: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/3.jpg)
Outline
•The unreasonable Internet
•The axioms of communication
•Notes on formalization
•Conclusions
![Page 4: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/4.jpg)
The unreasonable Internet
•Original Internet assumptions
•Static public IP addresses
•5-layer stack
•No layer violations
•Forwarding based only on IP routing tables
![Page 5: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/5.jpg)
In fact...
•All these assumptions are violated
•DHCP, NAT, Mobile IP -> dynamic IP
•Many more layers (VLAN, P2P, MPLS ...)
•Layering extensively violated (NAT, firewall, DNS redirection)
•Forwarding based on VLAN ID, MPLS ID, source IP (!)
![Page 6: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/6.jpg)
But...
• It still works
•mostly
• for most people
•Why?
![Page 7: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/7.jpg)
Hypotheses
• All the changes to the original architecture still preserve some invariants (wrt forwarding)
• ‘Axioms’ of communication
• If we can state these axioms and analyze them, we can know the limits of what is feasible
• eg. deliverability of messages
• We can also come up with an expressive pseudo-language to implement any packet forwarding scheme
![Page 8: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/8.jpg)
Divide and Conquer
•We are only studying connectivity (naming, addressing, routing, forwarding)
•Other areas, such as medium access, reliability, flow control, congestion control, and security are ignored (for now)
![Page 9: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/9.jpg)
A diversion...
![Page 10: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/10.jpg)
Axiom: arch
Coliseum, Coliseum, RomeRome
![Page 11: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/11.jpg)
Axiom: lintel
Big temple, Big temple, Thanjavur,Thanjavur,
IndiaIndia
![Page 12: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/12.jpg)
Internet-style architecture
Hearst Castle,Hearst Castle,CaliforniaCalifornia
![Page 13: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/13.jpg)
Axiomatic engineering
Tenerife Airport, Tenerife,Tenerife Airport, Tenerife,(Calatrava)(Calatrava)
![Page 14: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/14.jpg)
Axiomatic engineering
Bilbao Museum (Gehry)Bilbao Museum (Gehry)
![Page 15: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/15.jpg)
Outline
•The unreasonable Internet
•The axioms of communication
•Notes on formalization
•Conclusions
![Page 16: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/16.jpg)
The axioms
•Will state them, and try to explain why we chose them
•Grouped into a few sets
![Page 17: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/17.jpg)
Naming and binding
![Page 18: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/18.jpg)
Millau ViaductMillau Viaduct
![Page 19: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/19.jpg)
Naming and Binding• Saltzer (1978) with some modifications
• An object is a software or hardware structure
• Name is a regular expression that refers to a set of objects
• Binding
• noun: mapping from name to set of objects
• verb: choosing the object mapped to a name
• Address
• A lower-level name used to access an object
![Page 20: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/20.jpg)
Naming and Binding…
•Context
•Set of mappings
•Name is interpreted wrt a context(multiple contexts may resolve the same name differently)
•Resolution mechanism
•Locates the mapping for a name within a context
![Page 21: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/21.jpg)
Communication axioms
![Page 22: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/22.jpg)
MIlau ViaductMIlau Viaduct
![Page 23: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/23.jpg)
Communication axioms
•Certain objects can directly communicate with each other
•shared memory or on a physical medium
•Network Processing Object (NPO) is an object that can directly communicate with some other NPO(s)
•Each NPO has a local set of mappings, called its context state (e.g. forwarding table)
![Page 24: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/24.jpg)
Communication axioms
•NPOs that can directly communicate with each other are neighbours
•Unit of communication is a message
•message = header + payload
•Any name in a header is an address
•Header can have a stack of addresses
•Topmost one is the current destination address
![Page 25: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/25.jpg)
Communication axioms
•Forwarding is an extension of direct communication where neighbours repeatedly pass on a message to a set of neighbours, so that the message eventually arrives at a set of destination NPOs
• transitive relation of direct communication
•Resolution can not only return a ‘lower-level’ name, but also set of neighbours for a name
![Page 26: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/26.jpg)
Operations
![Page 27: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/27.jpg)
![Page 28: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/28.jpg)
Fundamental operations
• Split operations into forwarding (move messages) and control (routing, path setup, remote name lookup)
• We describe some fundamental ways to move and manipulate a message, e.g.
• receive/send – direct communication
• push/pop – modify address stack
• lookup (a name in a context table)
![Page 29: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/29.jpg)
Forwarding
• Define local context state as
• {<name → {<NPO, name>}>}
• Forwarding code:
message msg = receive();name n = pop(msg);{<NPO, name>} S = lookup(n);for each <NPO, name> s in S
outmsg = copy(msg);push(outmsg, s.name);send(s.NPO, outmsg);
endfor
![Page 30: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/30.jpg)
Structural axioms
![Page 31: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/31.jpg)
Baha’i Temple, New DelhiBaha’i Temple, New Delhi
![Page 32: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/32.jpg)
Structure axioms
•The NPO that pushes an addresses and every NPO that resolves (i.e. lookup) or removes that address are peers
•Peers that push and pop an address establish a link
•Sequence of peers forming a link is a path
![Page 33: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/33.jpg)
Structure axioms
• Iterated forwarding a message is binding its destination name to a set of destination NPOs
• Set of peer NPOs that forward a message with the same destination address to the same set of NPOs provide a consistent binding
• A scope of a name is the set of peers that provide a consistent binding for that name
• Scopes may contain special names, such as the broadcast name
• Mechanisms to provide consistency in a scope are called routing
![Page 34: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/34.jpg)
Outline
•The unreasonable Internet
•The axioms of communication
•Notes on formalization
•Conclusions
![Page 35: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/35.jpg)
Formalization
•We associate operational semantics with each operation, consistent with axioms
•Desirable properties become theorems
•e.g. we can ask “Is deliverable (A,B) a valid theorem in our system?”
![Page 36: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/36.jpg)
Operational semantics
•Each operation updates the state of an abstract machine
• configuration =<stack of values | context state | operations>
• e.g.<(n1n2n3...nd)|cs|pop;p’> → <n1,(n2n3...nd)|cs|p’>
• Well-known theory to reason about invariants about partial correctness and progress
![Page 37: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/37.jpg)
Outline
•The unreasonable Internet
•The axioms of communication
•Notes on formalization
•Conclusions
![Page 38: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/38.jpg)
Railway Station, Lisbon (Calatrava)Railway Station, Lisbon (Calatrava)
![Page 39: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/39.jpg)
Sample Observations
•NAT ≈ MPLS ≈ ATMoutgoing source port ~ label
•Recursive DNS lookup – forwarding based on DNS destination using UDP tunnels
•Stack of <port number, IP protocol ID,IP address, Eth protocol ID, MAC address>≈ record route and source routing
![Page 40: An Axiomatic Basis for Communication - David R. Cheriton ...mkarsten/papers/hotnets2006_talk.pdf · An Axiomatic Basis for Communication M. Karsten1, S. Keshav1, and S. Prasad2 1University](https://reader033.vdocument.in/reader033/viewer/2022042312/5edb4ed6ad6a402d6665760f/html5/thumbnails/40.jpg)
Conclusions
•The Internet is complex, yet it works
•We think it’s because protocol designers implicitly follow some rules (axioms)
•We explicitly state the axioms – clarity
•Allows us (hopefully) to do formal analysis: correctness, deliverability, (performance, errors)
•Also allows us to construct a universal forwarding engine