End-To-End Arguments in System Design - PowerPoint PPT Presentation

About This Presentation
Title:

End-To-End Arguments in System Design

Description:

Identify the Ends. End-To-End Argument Meets P2P. The Argument. Define when it is applicable: ... End-to-End checks must still be performed, since only one of ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 17
Provided by: rya133
Category:
Tags: arguments | design | end | system

less

Transcript and Presenter's Notes

Title: End-To-End Arguments in System Design


1
End-To-End Arguments in System Design
  • J.H. Saltzer, D.P. Reed, and D. Clark
  • Presented by Ryan Huebsch
  • CS294-4 P2P Systems 9/29/03

2
Outline
  • The Argument
  • Examples
  • Careful File Transfer
  • Secure Transmission of Data
  • Performance
  • Identify the Ends
  • End-To-End Argument Meets P2P

3
The Argument
  • Define when it is applicable
  • The function in question can completely and
    correctly be implemented only with the knowledge
    and help of the application standing at the
    endpoints of the communication system
  • Regardless of what happens in the communication
    systems, correct operation can only be verified
    by endpoints.

4
The Argument
  • Define the consequence
  • Therefore, providing that questioned function
    as a feature of the communication system itself
    is not possible
  • If you cant do it properly, dont do it at all.

5
The Argument
  • Define the exception
  • (Sometimes an incomplete version of the
    function provided by the communication system may
    be useful as a performance enhancement.)
  • Its not a hard and fast rule, there are special
    cases where the benefit outweighs the cost.

6
Careful File Transfer
  • Copy/Move file from HD on Computer A to HD on
    Computer B

7
Careful File Transfer
  • Possible threats to an accurate transfer
  • Disk error
  • Software error (OS, File transfer program,
    Network driver)
  • Hardware error
  • Communication system
  • System crash

8
Careful File Transfer
  • Solution 1 Point-to-Point
  • Reinforce each step of process (timeout, retry,
    etc.)
  • Goal Reduce probability of each threat to an
    acceptably small value
  • Could be hard to do, each step must be full-proof
  • Could be inefficient, extra checking
  • Solution 2 End-to-End
  • Store file with a checksum, transfer file, read
    transferred file back from disk, compute
    checksum, send checksum to originator to compare
    the two checksums.
  • If check fails, redo from beginning

9
Careful File Transfer
  • Solution 3 Both
  • Point-to-Point checks in communication system
    (such as link level, IP, and/or TCP)
  • End-to-End checks must still be performed, since
    only one of the threats is handled
  • Does not reduce the overall burden to the
    application, but may reduce the frequency of
    problems
  • Lesson
  • Application must supply the guarantee in the end

10
Secure Transmission of Data
  • Goal, move data from one machine to another such
    that the data on the wire is secure (encrypted)

11
Secure Transmission of Data
  • Let the communication system encrypt on entry,
    decrypt on exit.
  • Problems
  • Communication system needs the key
  • Data is in the clear when entering/exiting
  • Authenticity must still be checked by application
  • End-To-End argument wins here

12
Performance
  • Remember the exception in the argument
  • What if communication system is very unreliable,
    file transfer could keep retrying for ever
    because one packet got lost!
  • Providing more reliability at the lower layers is
    a tradeoff betweencost engineering effort vs.
    reliability
  • Not a simple decision

13
Performance
  • Even if it simple to implement at a lower level
    and doesnt cost much
  • Subsystem may be common to many applications,
    they all must pay
  • Subsystem has less information, may not be able
    to do the best job
  • Decision could be complicated if some of the
    packet-by-packet type checks can be emulated by
    application
  • Send file in chunks, each chunk is checked for
    correctness

14
Identifying the Ends
  • Maybe not so easy
  • Consider voice over IP
  • Are the ends the computers?
  • Could introduce long delays
  • Are the ends the people?
  • Retry repeat that
  • End-to-End argument is not an absolute, but a
    design tool

15
Not Just for Communication
  • Encryption
  • Two-Phase commit
  • Banking (high level auditing)
  • Reservations (agent retries till confirmed)
  • Telephone (caller redials)
  • Backup on magnetic tapes
  • RISC (simple instructions)
  • Open Operating System (replace low level
    functions)

16
End-To-EndArgument Meets P2P
  • Consider key-based-routing systems(which seem
    similar to SWALLOW?)
  • Function route(key, msg)
  • What are the ends?
  • Requestor Responsible Node
  • Router-to-Router or Application-to-Application
  • Structured vs. Unstructured
  • Structured gives better reliability
  • Unstructured gives less
  • Iterative vs. Recursive?
Write a Comment
User Comments (0)
About PowerShow.com