Wednesday, November 5, 2008

Delegation Oriented Architecture

Middle boxes, though scorned by Internet architect purists, are here to stay. Incrementally adapting the architecture of the Internet to play better with middle boxes can lead to improvements in performance, and more flexibility in

They propose two properties:
1) packets contain the destination, which is represented by a unique identifier (EID)
2) hosts can delegate to intermediaries, i.e. middleboxes through which all traffic to the host must flow.

How it works
EIDs are resolved to IP addresses or to other EIDs. This is done by a resolution infrastructure, for which distributed hash tables would work well.
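As an added example (not code from the paper or from this post), the Python below models the resolution step just described together with the two properties above: a plain dict stands in for the DHT, each EID maps either to an IP address or to another EID, and the resolver follows the delegation chain until it reaches an IP. The packet it builds keeps the destination EID while being sent to the IP of the delegated intermediary, so the sender never learns the end host's own address. The EID names, addresses and the hop limit are constructed for illustration, and the loop and dangling-entry checks are my additions, not something the paper specifies.

```python
"""Toy model of DOA-style EID resolution with delegation.

Assumptions (not from the paper or the post): the resolution infrastructure
is a dict standing in for a DHT, EIDs are strings prefixed "eid:", and IP
addresses are dotted quads. All names and addresses are constructed.
"""

MAX_HOPS = 8  # constructed guard against runaway delegation chains


class ResolutionError(Exception):
    """Raised when an EID cannot be resolved to an IP address."""


def is_ip(target: str) -> bool:
    """True if `target` looks like a dotted-quad IPv4 address."""
    parts = target.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def resolve(table: dict, eid: str) -> list:
    """Follow EID -> (IP | EID) mappings until an IP is reached.

    Returns the full delegation chain, starting with `eid` and ending with
    the IP of the last delegate. Detects loops and missing entries.
    """
    chain = [eid]
    seen = {eid}
    current = eid
    for _ in range(MAX_HOPS):
        if current not in table:
            raise ResolutionError(f"no mapping for {current}")
        nxt = table[current]
        chain.append(nxt)
        if is_ip(nxt):
            return chain
        if nxt in seen:
            raise ResolutionError(f"delegation loop at {nxt}")
        seen.add(nxt)
        current = nxt
    raise ResolutionError(f"more than {MAX_HOPS} delegation hops from {eid}")


def forward(table: dict, dst_eid: str, payload: bytes) -> dict:
    """Build the packet a sender would emit for `dst_eid`.

    Property 1: the packet carries the destination EID.
    Property 2: it is addressed at the IP layer to the delegated
    intermediary, so all traffic to the host flows through it.
    """
    chain = resolve(table, dst_eid)
    return {
        "dst_eid": dst_eid,
        "next_hop_ip": chain[-1],
        "via": chain[1:-1],  # intermediary EIDs on the path, if any
        "payload": payload,
    }


def audit(table: dict) -> dict:
    """Operator check: does every published EID resolve to an IP?"""
    report = {}
    for eid in table:
        try:
            resolve(table, eid)
            report[eid] = "ok"
        except ResolutionError as exc:
            report[eid] = str(exc)
    return report


# Constructed sample mappings, standing in for the contents of the DHT.
TABLE = {
    "eid:alice-laptop": "eid:corp-firewall",  # Alice delegates to a firewall
    "eid:corp-firewall": "192.0.2.10",        # the firewall's own address
    "eid:bob-server": "198.51.100.7",         # Bob uses no intermediary
    "eid:loop-a": "eid:loop-b",               # misconfigured pair
    "eid:loop-b": "eid:loop-a",
    "eid:dangling": "eid:nowhere",            # points at an unpublished EID
}

if __name__ == "__main__":
    print(forward(TABLE, "eid:alice-laptop", b"hello"))
    for eid, status in audit(TABLE).items():
        print(f"{eid}: {status}")
```

The `audit` function is the check an operator would run over the table before publishing it: in DOA a host that delegates to an intermediary is unreachable if the chain is broken, and the resolver has no way to repair that on the sender's behalf.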

Thoughts on the motivation
I am skeptical of their claim that Internet architect purists typically react to middleboxes with "scorn (because they violate important architectural principles) and dismay (because these violations make the Internet less flexible)."

They present two tenets of the architecture of the Internet which middleboxes violate.
1) all hosts should have a unique identifier (NAT obviously violates this).
2) only the host which was listed as the destination should inspect the packet's higher layer fields

However, I don't think that NAT is as bad as they claim. They argue that NAT "has hindered or halted the spread of newer protocols [such as one I have never heard of, SIP] ... and peer-to-peer systems." To me, these are not compelling reasons to abide by tenet 1, nor is the argument that Internet architects think that tenet 1 is elegant or pure.

In section 2.2 they present some more reasons why NAT is a pain. They claim that it is hard to set up servers behind a NAT. From my understanding, though, NAT is a policy decision which is usually used to protect the user hosts of an organization, not its servers. Servers can be, should be, and currently are treated specially, often living outside of the NAT walls. I don't agree with the authors that this is a weakness of NAT.

Thoughts on the potential adoption of DOA:
From the paper: "DOA requires no changes to IP or IP routers but does require changes to host and intermediary software." -- Sadly, any modification to the Internet that requires a significant change to host software (except perhaps IPv6, which is going to be do or die soon) will probably never get off the ground. Not only do they propose a new network stack on the end hosts, applications would also need to be ported to use the new interface (which they present as an extension to the Berkeley sockets interface). What is more, DOA would also require the creation of an entirely new resolution system for the EID->IP/EID mappings.

Finally, they themselves admit in 3.4 that they are not offering any new functionality, but rather a new architecture. While interesting from a research perspective, to me this admission symbolizes the reason DOA is not a practical reality.

1 comment:

Randy H. Katz said...

Well, the authors are key Internet architects and they were very critical of middleboxes. But really the main motivation was to reexamine the name to IP address mapping mechanism in the original Internet architecture.