Architectural Considerations of ICN using Name Resolution Service
draft-irtf-icnrg-nrsarch-considerations-04
This document discusses architectural considerations and implications of Information-Centric Networking (ICN) related to the usage of the Name Resolution Service (NRS). It describes how ICN architectures may change and what implications are introduced within the ICN routing system when NRS is integrated into an ICN architecture.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2020.
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
1. Introduction
Information-Centric Networking (ICN) is an approach to evolve the Internet infrastructure to directly access Named Data Objects (NDOs) by its name, i.e., the name of NDO is directly used to route the request to the data object. Such name-based routing in ICN has inherent challenges in supporting globally scalable routing system, producer mobility, and off-path caching. In order to address these challenges, the Name Resolution Service (NRS) has been integrated into several ICN project's proposals and literature [Afanasyev] [Zhang2] [Ravindran] [SAIL] [MF] [Bayhan].
This document describes how ICN architectures may change and what implications are introduced within the ICN routing system when NRS is integrated into an ICN architecture. It also discusses ICN architectural considerations for an NRS. In other words, the scope of this document includes considerations in the view of the ICN architecture and routing system when NRS is integrated into ICN. The discussion of NRS itself is provided in the NRS design guidelines [NRSguidelines] document.
2. Terminology
- Name Resolution Service (NRS): NRS in ICN is defined as the service that provides the name resolution function for translating an object name into some other information such as a locator, a off-path-cache pointer, or an alias name for forwarding the object request [NRSguidelines]. The NRS is a service maintained by a distributed mapping database system.
- NRS server: The NRS consists of the distributed NRS servers storing the mapping records in database. NRS servers store and maintain the mapping records that keep the mappings of name to some other information that is used for forwarding content request.
- NRS resolver: The client side of the NRS is called an NRS resolver. The resolver is responsible for initiating the name resolution request queries that ultimately lead to a name resolution of the target data objects. NRS resolvers can be located in the consumer (or client) nodes and ICN routers. NRS resolver may also cache the mapping records obtained through the name resolution for later usage.
- Name registration: In order to create the NRS, the content names and their mapping records must be registered in the NRS system by a publisher who has an access to at least one authoritative NRS server or by a producer who generates named data objects. The mapping information is the mapping of a name to some information such as another names and locators, which are used for forwarding the content request. Thus, a publisher or producer creates an NRS registration request and send to an NRS server. On registration, the NRS server stores the mapping record in the database and sends an ACK back to the producer or publisher.
- Name resolution: Name resolution is the main process of the NRS. It is performed by an NRS resolver which can be deployed on a consumer node or an ICN router. When the required valid name mapping record (whose lifetime has not expired yet) has not been stored in the cache of an NRS resolver, it sends a name resolution request toward the NRS server. The NRS server searches the content name in its mapping record database, retrieves and sends the mapping record in the name resolution response message to the NRS resolver.
- NRS node: In ICN architecture, NRS servers are also referred to as NRS nodes that maintain the name records.
- NRS client: A node that uses the NRS is called NRS client. The nodes that initiate the name registration, resolution, or update procedure are NRS clients. That is, NRS resolver, ICN client nodes, ICN routers, or producers are NRS clients.
3. Background
The name-based routing in ICN has inherent challenges in supporting a globally scalable routing system, producer mobility, and off-path caching. In order to address these challenges, an NRS has been integrated into several ICN project's proposals and literature as follows:
- Routing scalability : In ICN, application names identifying contents are used directly for packet delivery, so ICN routers run a name-based routing protocol to build name-based routing and forwarding tables. Similar to the scalability challenge of IP routing, if non-aggregatable name prefixes are injected into the Default Route Free Zone (DFZ) of ICN, they would be driving the growth of the DFZ routing table size. Thus, integrating an NRS with ICN can be an approach to keep the routing table size under control, where the NRS resolves name prefixes which do not exist in the DFZ forwarding table into globally routable prefixes such as one proposed in NDN [Afanasyev]. Another approach dealing with routing scalability is the Multi-level Distributed Hash Table (MDHT) used in NetInf [Dannewitz]. It provides name-based anycast routing that can support a non-hierarchical namespace and can be adopted on a global scale [Dannewitz2].
- Producer mobility : In ICN, if a producer moves into a different name domain that uses a different name prefix, the request for a content produced by the moving producer with the origin name would be hardly forwarded to the moving producer's new location. Especially, in a hierarchical name scheme, producer mobility support is much harder than in a flat name scheme since the routing tables in broader area need to be updated according to the producer movement. Therefore, various ICN architectures such as NetInf [Dannewitz] and MobilityFirst [MF] have adopted NRS to tackle the issues of producer's location change.
- Off-path caching : In-network caching is an inherent feature of an ICN architecture. Caching approaches can be categorized into on-path caching and off-path caching, according to the location of caches in relation to the forwarding path from the original content store to a consumer. Off-path caching, also referred as content replication or content storing, aims at replicating content in various locations within a network in order to increase the availability of contents, where the caching locations may not be lying along the content forwarding path. Thus, finding off-path cached contents is not trivial in name-based routing of ICN. In order to support off-path caches, the locations of replicas are usually advertised into a name-based routing system or into NRS as described in [Bayhan].
This document discusses architectural considerations and implications of ICN when the NRS is integrated into ICN to solve such challenges of the name-based routing in ICN.
4. Implications of NRS in ICN
The majority of ICN projects use the name-based routing which omits the name resolution. So, NRS would not be mandatory part in an ICN architecture. The integration of NRS would change the ICN architecture at least with respect to procedures, latency, and security, as discussed below:
- Procedure : When the NRS is adopted into an ICN architecture, the procedure of the name resolution has to be integrated into ICN overall procedures. For NRS integration, there are certain things that have to be decided such as where and how the name resolution task is performed.
- Latency : When the NRS is adopted into an ICN architecture, the additional latency of the name resolution obviously occurs in the routing and forwarding system. Although the latency of the name resolution is added, the total latency could be minimized if the nearest copies or off-path caches can be located by the NRS lookup procedure. Additionally, there might be a trade-off between the name resolution latency and inter-domain traffic reduction. Finding a nearest cache holding the content would reduce the content discovery as well as delivery latency.
- Security : When the NRS is adopted into an ICN architecture, security threats may increase. Protection of the NRS system against attacks such as Distributed Denial of Service (DDoS) and authentication of name mapping records and related signaling messages would be challenging.
5. ICN Architectural Considerations for NRS
This section discusses the various items that have to be considered from the point of view of ICN architecture when ICN integrates the NRS system in its architecture. These items are related with the name mapping records registration, resolution, and update, protocols and messages, and integration with the routing system.
5.1. Name mapping records registration, resolution, and update
When the NRS is integrated in an ICN architecture, the functions related with the registration, resolution and update of name mapping records have to be considered. The NRS nodes maintain the name mapping records and may exist in an overlay network over the ICN routers, that is, they communicate to each other through ICN routers. Figure 1 shows the NRS nodes and NRS clients connected through an underlying network. The NRS nodes exist in a distributed manner so that an NRS node is always available closer to an NRS client and communication latency for the name registration and resolution performed by the NRS client remains very low. The name registration, name resolution and name record update procedures are briefly discussed below.
+------------+ +------------+
| NRS Node | | NRS Node |
+------------+ +------------+
| |
| |
+------------+ | | +------------+
| NRS Client |--------------------------------------| NRS Client |
+------------+ underlying network +------------+
Figure 1: NRS nodes and NRS clients connected through an underlying network
- Name registration: Name registration is performed by the producer (as an NRS client) when it creates a new content. When a producer creates a content and assigns a name from its name prefix space to the content, the producer performs the name registration in an NRS node. Name registration may be performed by an ICN router when it does off-path caching or cooperative caching since involving an NRS may be a good idea for off-path caching. The ICN routers with forwarder caches do not require to invoke NRS registration procedure because they lie on the path to the content store or producer. They will be hit when a future request is forwarded to the content producer by an ICN router lying toward the ICN client node. However, the ICN routers performing off-path caching of the content require to invoke the name registration procedure so that other ICN routers can know about the off-path cache locations through the name resolution. As a content gets cached in many off-path ICN routers, all of them may register the same content names in the same NRS node multiple times. In this case, the NRS node adds the new location of the content to the name record together with the previous locations. In this way, each of the name records stored in the NRS node may contain multiple locations of the content.
- Name resolution: Name resolution is performed by NRS client to obtain the name record from an NRS node by sending a name resolution request message and getting the response containing the record. Regarding the name-based ICN routing context, the name resolution will be mostly performed by an ICN router that does not contain the name in its FIB table. The name resolution may also be performed by the consumer (in case the consumer is multihomed) to make decision to forward the content request in a better direction so that it obtains the content from the nearest cache. If the consumer is single homed, it may not perform the name resolution. It creates the content request packet containing the content name and forwards to the nearest ICN router. The ICN router checks its FIB table to see where to forward the content request. If the ICN router fails to know the requested content reachable, it performs name resolution to obtain the name mapping record and adds to FIB table. The ICN router may also perform name resolution even before the arrival of the content request time to use the name mapping record to configure the FIB table.
- Name record update: Name record update is carried out when a content name mapping record changes, e.g. the content is not available in one or more of previous locations. The name record update may take place explicitly by the exchange of name record update message or implicitly when a timeout occurs and a name record is deemed to be invalid. The explicit update is possible when each record is accompanied by its lifetime value.
5.2. Protocols and Semantics
In order to develop an NRS system within a local ICN network domain or global ICN network domain, new protocols and semantics should be designed to manage and resolve names among different name spaces.
One way of implementing an NRS is by extending the basic ICN TLV format and semantics [RFC8609] [RFC8569]. For instance, name resolution and response messages can be implemented by defining new type fields in the Interest and Content Object messages [CCNxNRS]. By leveraging the existing ICN Interest and Content Object packets for name resolution and registration, the NRS system can be deployed with a minimum implication of ICN architecture changes. However, because of confining to the basic ICN protocol and semantics, the NRS system may not be able to support more flexible and scalable designs.
On the other hand, an NRS system can be designed newly with its own protocol and semantics like an independent NRS system described in [Hong]. For instance, the NRS protocol and messages can be implemented by using a RESTful API and the NRS can be operated as an application protocol independently from a basic ICN architecture.
5.3. Routing System
The NRS helps in reducing the routing complexity of ICN architecture than the pure name-based routing by helping the routing system to update the routing table on demand through the help of name records obtained from the NRS. The routing system has to be considered to make name resolution requests and process the information such as a locator, a off-path-cache pointer, or an alias name, obtained from the name resolution.
No matter what kind of infomation is obtained from the name resolution, as long as it is in the form of a name, the content request message in the routing system may be reformatted with the obtained information. In this case, the content name requested originally by a consumer needs to be involved in the reformatted content request to check the integrity of the requested content. In other words, the infomation obtained from the name resolution is used to forward the content request and the original content name requested by a consumer is used to identify the content. Otherwise, the resolve information is used to build the routing table.
The infomation obtained from the name resolution may not be in the form of a name. For example, it may identify the tunnel endpoints by IP address and is used to construct a tunnel to forward the content request.
There are no IANA considerations related to this document.
7. Security Considerations
When NRS is integrated into an ICN architecture, security threats may increase in various aspects as discussed below:
- Name Space Management: In order to deploy an NRS in ICN architecture, ICN name spaces, which may be assigned by authoritative entities, should be securely mapped to the content publishers and securely managed by them. According to the ICN research challenges [RFC7927], a new name space can also provide an integrity verification function to authenticate its publisher. The verification for mapping among different name spaces should be securely required.
- NRS System: NRS enables the deployment of new entities (e.g. NRS servers) to build distributed and scalable NRS systems. Thus, the entities, e.g., NRS server maintaining a mapping database, could be a single point of failure receiving malicious requests from innumerable adversaries like Denial of Service or Distributed Denial of service attacks. In addition, the NRS clients should also trust on the NRS nodes in other network domains and communication between them should be protected securely to prevent the malicious entities from participating in this communication.
- NRS Protocols and Messages: In an NRS system, additional messages related to the name registration, name resolution, and name record update can spill over to unauthorized networks, increaing the number of more security threats. An adversary can also manipulate these messages by hijacking them to create false messages. A lot of problems similar to the security issues of an IP network can affect the overall ICN architecture. Therefore, security mechanisms such as accessibility, authentication, etc., [NRSguidelines] for the NRS system should be considered to protect not only the NRS system, but also the ICN architecture.
8. References
8.1. Normative References
[RFC2119] |
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC7927] |
Kutscher, D., Eum, S., Pentikousis, K., Psaras, I., Corujo, D., Saucez, D., Schmidt, T. and M. Waehlisch, "Information-Centric Networking (ICN) Research Challenges", RFC 7927, DOI 10.17487/RFC7927, July 2016. |
8.2. Informative References
[Afanasyev] |
Afanasyev, A. et al., "SNAMP: Secure Namespace Mapping to Scale NDN Forwarding", IEEE Global Internet Symposium , April 2015. |
[Zhang2] |
Zhang, Y., "A Survey of Mobility Support in Named Data Networking", NAMED-ORIENTED MOBILITY: ARCHITECTURES, ALGORITHMS, AND APPLICATIONS(NOM) , 2016. |
[Ravindran] |
Ravindran, R. et al., "Forwarding-Label support in CCN Protocol", draft-ravi-icnrg-ccn-forwarding-label-01 , July 2017. |
[SAIL] |
, "FP7 SAIL project.", http://www.sail-project.eu/ |
[MF] |
, "NSF Mobility First project.", http://mobilityfirst.winlab.rutgers.edu/ |
[Bayhan] |
Bayhan, S. et al., "On Content Indexing for Off-Path Caching in Information-Centric Networks", ACM ICN , September 2016. |
[RFC8569] |
Mosko, M., Solis, I. and C. Wood, "Content-Centric Networking (CCNx) Semantics", https://www.rfc-editor.org/info/rfc8569 , July 2019. |
[RFC8609] |
Mosko, M., Solis, I. and C. Wood, "CCNx Messages in TLV Format", https://www.rfc-editor.org/info/rfc8609 , July 2019. |
[CCNxNRS] |
Hong, J. et al., "CCNx Extension for Name Resolution Service", draft-hong-icnrg-ccnx-nrs-02 , July 2018. |
[Hong] |
Hong, J., Chun, W. and H. Jung, "Demonstrating a Scalable Name Resolution System for Information-Centric Networking", ACM ICN , September 2015. |
[NRSguidelines] |
Hong, J. et al., "Design Guidelines for Name Resolution Service in ICN", draft-irtf-icnrg-nrs-requirements-03 , November 2019. |
[Dannewitz] |
Dannewitz, C. et al., "Network of Information (NetInf)-An information centric networking architecture", Computer Communications vol. 36, no. 7, April 2013. |
[Dannewitz2] |
Dannewitz, C., DAmbrosio, M. and V. Vercellone, "Hierarchical DHT-based name resolution for Information-Centric Networks", Computer Communications vol. 36, no. 7, April 2013. |
Jungha Hong
Hong
ETRI
218 Gajeong-ro, Yuseung-Gu
Daejeon,
34129
Korea
EMail: jhong@etri.re.kr
Tae-Wan You
You
ETRI
218 Gajeong-ro, Yuseung-Gu
Daejeon,
34129
Korea
EMail: twyou@etri.re.kr
Ved Kafle
Kafle
NICT
4-2-1 Nukui-Kitamachi
Koganei,
Tokyo
184-8795
Japan
EMail: kafle@nict.go.jp