
TCP.next


An overview of Multipath TCP (MPTCP), an extension of TCP, with a simple demo

Hirotaka Nakajima

December 16, 2013


Transcript

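  1. TCP Alternatives

    • SCTP
      Very similar to TCP, but supports multihoming (cellular and Wi-Fi both active) and uses multiple streams to avoid HoL blocking and similar problems. Recently it has been used in WebRTC (SCTP over DTLS over UDP with ICE).
    • Mobile IP (Mobile IPv…)
      Keeps using the original IP address even when the connection switches over, so that TCP and other sessions are not dropped.
    • TCP Fast Open
      Between hosts that have connected before, uses a cookie to simplify the 3-way handshake and sends data together with the SYN packet.
    • QUIC
      A protocol that puts reliable streams, congestion control, mobile integration and more on top of UDP, optimized for SPDY and HTTP.

    These slides are copyright © Hirotaka Nakajima. Redistribute and disclosure of these slides are not permitted without permissions. Keio University and W3C logo are licensed by its copyright holders. W3C Logo is available under W3C Trademark and Servicemark License.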
  2. Reality

    [Excerpt from Sherry et al., shown on the slide]

    Figure 1: Box plot of middlebox deployments for small (fewer than 1k hosts), medium (1k-10k hosts), large (10k-100k hosts), and very large (more than 100k hosts) enterprise networks. Y-axis is in log scale.
    (Categories: All Middleboxes, L3 Routers, L2 Switches, IP Firewalls, App. Firewalls, Wan Opt., Proxies, App. Gateways, VPNs, Load Balancers, IDS/IPS. Series: Very Large, Large, Medium, Small. Y-axis ticks: 1 to 100000.)

    2.2 Complexity in Management

    Figure 1 also shows that middleboxes deployments are diverse. Of the eight middlebox categories we present in Figure 1, the median very large network deployed seven categories of middleboxes, and the median small network deployed middleboxes from four. Our categories are coarse-grained (e.g. Application Gateways include smartphone proxies and VoIP gateways), so these figures represent a lower bound on the number of distinct device types in the network.

    Managing many heterogeneous devices requires broad expertise and consequently a large management team. Figure 3 correlates the number of middleboxes against the number of networking personnel. Even small networks with only tens of middleboxes typically required a management team of 6-25 personnel. Thus, middlebox deployments incur substantial operational expenses in addition to hardware costs.

    Understanding the administrative tasks involved further illuminates why large administrative staffs are needed. We break down the management tasks related to middleboxes below.

    Upgrades and Vendor Interaction. Deploying new features in the network entails deploying new hardware infrastructure. From our

                 Misconfig.   Overload   Physical/Electric
    Firewalls    67.3%        16.3%      16.3%
    Proxies      63.2%        15.7%      21.1%
    IDS          54.5%        11.4%      34%

    Table 1: Fraction of network administrators who estimated misconfiguration, overload, or physical/electrical failure as the most common cause of middlebox failure.

    icy goals (e.g. a HTTP application filter may block social network sites). Cloud-based deployments obviate the need for enterprise administrators to focus on the low-level mechanisms for appliance configuration and focus only on policy configuration.

    Training. New appliances require new training for administrators to manage them. One administrator even stated that existing training and expertise was a key question in purchasing decisions: Do we have the expertise necessary to use the product, or would we have to invest significant resources to use it? Another administrator reports that a lack of training limits the benefits from use of middleboxes:

    The average very large network in our data set hosts 2850 L3 routers, and 1946 total middleboxes; the average small network in our data set hosts 7.3 L3 routers and 10.2 total middleboxes.

    • Middleboxes are deployed in roughly the same numbers as routers
    • In small networks there are more middleboxes than routers

    Sherry, Justine, et al. Making middleboxes someone else's problem: network processing as a cloud service. Proceedings of the ACM SIGCOMM conference. ACM.
  3. Example: Router

    [Figure: IP and TCP header layout. IP header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address. TCP header fields: Source Port, Destination Port, Sequence Number, Acknowledgment Number, Offset, Reserved, Flags, Window, Checksum, Urgent Pointer, Options, Payload.]
  4. Example: NAT

    [Figure: two copies of the IP and TCP header layout. IP header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address. TCP header fields: Source Port, Destination Port, Sequence Number, Acknowledgment Number, Offset, Reserved, Flags, Window, Checksum, Urgent Pointer, Options, Payload.]
  5. More details on MPTCP

    • Protocol
      http://tools.ietf.org/wg/mptcp
    • Implementations
      • Linux: http://www.multipath-tcp.org
      • FreeBSD: http://caia.swin.edu.au/urp/newtcp/mptcp
    • Middleboxes
      • How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP. Costin Raiciu, Christoph Paasch, Sebastien Barre, Alan Ford, Michio Honda, Fabien Duchene, Olivier Bonaventure and Mark Handley. USENIX Networked Systems Design and Implementation (NSDI), April, San Jose, USA.
      • Is it Still Possible to Extend TCP? Michio Honda, Yoshifumi Nishida, Costin Raiciu, Adam Greenhalgh, Mark Handley and Hideyuki Tokuda. ACM Internet Measurement Conference (IMC), November, Berlin, Germany.
    • Use cases
      • Costin Raiciu, Sebastien Barre, Christopher Pluntke, Adam Greenhalgh, Damon Wischik, and Mark Handley. Improving datacenter performance and robustness with multipath TCP. In Proceedings of the ACM SIGCOMM conference (SIGCOMM).
      • Christoph Paasch, Gregory Detal, Fabien Duchene, Costin Raiciu, and Olivier Bonaventure. Exploring mobile/WiFi handover with multipath TCP. In Proceedings of the ACM SIGCOMM workshop on Cellular networks: operations, challenges, and future design (CellNet).