Connection Migration: Why - PowerPoint PPT Presentation

Slides: 33
Provided by: haribalakr
Learn more at: http://nms.lcs.mit.edu

1
Connection Migration: Why and How
  • Hari Balakrishnan
  • Networks and Mobile Systems Group
  • MIT Lab for Computer Science
  • http://nms.lcs.mit.edu/
  • Joint work with Alex Snoeren and Dave Andersen

2
Anatomy of a connection
  • Connection defined by IP_A:Port_A ↔ IP_B:Port_B
  • An IP address does not identify a host; it only
    identifies a network interface
  • Is this a good definition of a connection?

3
Problem 1: Host mobility
  • Cerf's comment from DoD Internet paper:
  • If a host were to move, its network (and host)
    addresses would change and this would affect the
    connection identifiers used by the TCP. This is
    rather like a problem called "dynamic
    reconnection" which has plagued network designers
    since the inception of the ARPANET project in
    1968.
  • Two options today for connections
  • Terminate and retry
  • Somehow preserve IP address and continue
  • Horizontal mobility isn't quite enough...

4
Vertical mobility: Seamless inter-provider movement
[Figure labels: Regional-Area / wireless cable; Metro-Area; Campus-Area Packet Radio; In-building; In-room]

5
Problem 2: Unreliable components
  • Individual components rather unreliable
  • Replicate for improved reliability and
    availability
  • What happens to a bound connection on failure or
    unresponsiveness?

6
Possible solutions
  • 1. Force constant IP address for end-point
  • Mobile IP
  • Layer-N switches with Virtual IPs
  • 2. Make names routable
  • All packets identify destination by name, which
    serves as routing identifier
  • Intentional naming (late binding), TRIAD
  • 3. In-band migration
  • Don't confound end-point and routing identifiers!

7
Address constancy: Mobile IP
[Figure labels: Correspondent Hosts; Foreign Agent (FA); Mobile Host; temporary address dtmp changes with mobility]

8
Why Mobile IP isn't right
  • Requires additional network support and
    infrastructure (HA, FA, authentication, ...)
  • Triangle routing even for local interactions
  • Many types of mobile applications
  • Connections that don't care for seamlessness
  • Connection initiators
  • Both initiators and responders
  • Ingress filtering → reverse tunneling too!
  • Vertical mobility can't be properly handled
  • Applications can't be made aware of mobility

9
Address constancy: Layer-N switching
[Figure labels: Client; "With work can solve: Local distribution"; "But we want: Global distribution"]

10
Name-based routing (example)
[Figure labels: Lookup; image]
  • Intentional name resolvers form an overlay network

Late binding: integrate resolution and message routing

11
What should a connection be?
  • Between communicating applications, not network
    interfaces
  • Should be possible for an application to easily
    change network interface of connection
  • While preserving good unicast routes
  • Securely
  • Should not require a priori knowledge of valid
    network interfaces
  • Dynamism should not affect semantics or
    correctness, nor worsen reliability
  • If done right, can solve both problems at once!

12
Migrate overview
[Figure labels: Fixed Host; xxx.xxx.xxx.xxx]

13
Problems
  • Consistency of name mapping
  • Correctness
  • Handling packet losses around time of movement
  • What if someone else gets your old address?
  • Security
  • Connection hijacking
  • Denial-of-service protection
  • Semantics
  • How to maintain semantics of connection sequence
    across different nodes?

14
Dynamic name mappings
  • Zero TTL on A-records for migratable names
  • Use Dynamic DNS (RFC 2136, 2137) for Internet
    names
  • Potential problems
  • Race condition between name update and movement
  • Simply retry! This isn't a new failure mode
  • What about old BIND implementations?
  • Pray that they'll vanish off the face of the
    earth
  • What about extra DNS load?
  • What load? Ask Akamai!

15
Previous Migration Schemes
  • Multi-homed schemes
  • Require new transport protocols (SCTP)
  • Often require a priori knowledge of possible set
    of IP addresses
  • Connection-ID schemes
  • May not preserve transport semantics
  • May require a per-packet overhead
  • Many security and DoS issues

16
Migrating a connection
  • Initiate migration from new network address
  • Identify previous connection with token, on SYN
  • Secure token to protect against hijacking
  • Requires some state machine changes to guarantee
    correctness
  • Preserves service model to application
  • Handles middle boxes
  • Works with most NATs, PEPs, stateful firewalls
  • Requires changes to transport protocol
  • Kernel TCP, SCTP, RTP (linked library)

17
TCP Connection Migration
  1. Initial SYN
  2. SYN/ACK
  3. ACK (with data)
  4. Normal data transfer
  5. Migrate SYN
  6. Migrate SYN/ACK
  7. ACK (with data)

20
Two correctness issues
  • SYN uses 1 byte of sequence space; what should
    SYN ACK value be set to?
  • Needed to correctly handle lost segments
  • What if someone else gets your previous address?
  • Peer TCP will reset connection

21
Correctness: SYN ACK corresponds to data
  1. Initial SYN
  2. SYN/ACK
  3. ACK (with data)
  4. Normal data transfer
  5. Migrate SYN
  6. Migrate SYN/ACK
  7. ACK (with data)

22
Modified TCP State Machine
  • 2 new transitions between existing states
  • - and -
  • 1 new state handles potential race condition due
    to rapid readdressing

[State diagram labels: appl migrate, send SYN (migrate T, R); recv SYN (migrate T, R), send SYN, ACK (on two transitions); recv RST; 2MSL timeout; MIGRATE_WAIT]

23
Securing the Migration
  • Problem: Increased vulnerability to hijacking
  • Ingress filtering (RFC 2827) doesn't help
  • Attacker only needs token and sequence space
  • Solution: Keep the token secret
  • Negotiate it using Diffie-Hellman exchange
    (Elliptic-Curve DH)
  • Use sequence numbers to prevent replay
  • Complete crypto exchange in SYN handshake
  • Result: Connections are as secure as standard TCP
  • Use IPsec or SSH for real security
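
An added example, not taken from the slides or from the Migrate code: a fixed host checking a Migrate SYN's token and request tag before rebinding the connection, with a request counter that rejects replays. The HMAC-SHA256 construction, the 8-byte truncation, the field order and all names are assumptions; the key stands in for the secret negotiated by the Diffie-Hellman exchange.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

def _mac(key, label, *nums):
    # Assumed construction: HMAC-SHA256 over 32-bit fields, truncated to 8 bytes.
    msg = label + b"".join(struct.pack("!I", n) for n in nums)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

@dataclass
class Connection:
    key: bytes              # secret agreed during the initial SYN handshake
    isn_client: int         # initial sequence numbers of the original connection
    isn_server: int
    last_request: int = 0   # highest migrate request number accepted so far
    peer_addr: tuple = ()   # address the connection is currently bound to

    def token(self):
        return _mac(self.key, b"token", self.isn_client, self.isn_server)

    def request_tag(self, syn_seq, request_no):
        return _mac(self.key, b"request", self.isn_client, self.isn_server,
                    syn_seq, request_no)

def on_migrate_syn(table, src_addr, token, tag, syn_seq, request_no):
    """Fixed-host check before a Migrate SYN may rebind a connection."""
    conn = table.get(token)
    if conn is None:
        return "reject: unknown token"
    if not hmac.compare_digest(tag, conn.request_tag(syn_seq, request_no)):
        return "reject: bad request tag"
    if request_no <= conn.last_request:
        return "reject: replayed request"
    conn.last_request, conn.peer_addr = request_no, src_addr
    return "migrated"

def demo():
    # Constructed sample values; a real key would come from the ECDH exchange.
    conn = Connection(bytes(range(32)), isn_client=2000, isn_server=1000)
    table = {conn.token(): conn}
    syn = (conn.token(), conn.request_tag(5000, 1), 5000, 1)
    first = on_migrate_syn(table, ("192.0.2.10", 1065), *syn)
    replay = on_migrate_syn(table, ("203.0.113.7", 4444), *syn)
    forged = on_migrate_syn(table, ("203.0.113.7", 4444), conn.token(), bytes(8), 6000, 2)
    return first, replay, forged, conn.peer_addr
```

A captured Migrate SYN resent from another address fails the counter check, and a SYN carrying only the observed token fails the tag check, so the connection stays bound to the legitimate peer.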

24
Semantics of multi-machine migration
[Figure labels: ACK 9000; 7801-9000]
  • Sequence spaces across different machines may not
    have same application-layer semantics

25
One solution: Soft-state synchronization
[Figure labels: Health Monitor; ACK 9000; 7801-9000]
  • Technique for static content (e.g., file)
  • Information about mapping between filename and
    TCP initial sequence periodically disseminated

26
Implementation
  • Use application-specific stream mapper to map
    between sequence space and app (e.g., HTTP range
    requests)

[Figure labels: HTTP range request; HTTP GET parser/creator; Client request; Backend HTTP server; HTTP header parser/stripper; Response handler; Response; Data relay; To client]
  • Stream mapper involved in initial connection
    processing and in re-establishment

27
Experiment 1: Mobility
[Figure labels: Mobile Location 1; Mobile client initiates a transfer; 19.2Kbps Modem; Fixed Basestation; Fixed Server; 100Mbps Ethernet]

28
Migration Trace
[Figure labels: Buffered Packets (old address); Migrate SYN]

29
A Lossy Trace with SACK
[Figure labels: Buffered Packets (old address); ACK w/SACK; Migrate SYN]

30
Experiment 2: Failover works!
  • 0.000 cl.1065 > sA.8080 . ack 0505 win 31856
  • ----> (Erroneous) sA death pronouncement issued
  • 0.080 sA.8080 > cl.1065 P 0505:1953(1448) ack 1 win 31856
  • ----> Successful connection migration to sB
  • 0.095 sB.1033 > cl.1065 S 0:0(0) win 0 <migrate PRELOAD 1>
  • 0.096 cl.1065 > sB.1033 S 0:0(0) ack 1953 win 32120
  • 0.142 sB.1033 > cl.1065 . ack 1 win 32120
  • ----> Continued data transmission from sA (Reset by client)
  • 0.174 sA.8080 > cl.1065 P 0505:1953(1448) ack 1 win 31856
  • 0.174 cl.1065 > sA.8080 R 1:1(0) win 0
  • ----> Resumed data transmission from sB
  • 0.241 sB.1033 > cl.1065 P 1953:3413(1460) ack 1 win 32120...

31
Oscillations aren't a problem

32
Summary
  • Host mobility and service failover are examples
    of the same fundamental problem
  • Connections must be between applications
  • The Migrate architecture enables connections to
    be separated from, and move between, IP addresses
  • Mobility and service failover are both really
    end-to-end issues!
  • Got code?

33
Networks and Mobile Systems
  • Migrate code for Linux 2.2 available from
  • http://nms.lcs.mit.edu/software/
  • Migrate project Web page
  • http://nms.lcs.mit.edu/projects/migrate/