Session-Based Mobility An End-to-End Approach Alex C. Snoeren MIT Laboratory for Computer Science...
-
Upload
victor-caldwell -
Category
Documents
-
view
222 -
download
0
Transcript of Session-Based Mobility An End-to-End Approach Alex C. Snoeren MIT Laboratory for Computer Science...
Session-Based MobilityAn End-to-End Approach
Alex C. Snoeren
MIT Laboratory for Computer Science(with Hari Balakrishnan, Frans Kaashoek, and Jon Salz)
An Example: SSH Session
• Remote log in / port forwarding Provides secure remote communication Data compressed and encrypted as a stream
SSHd
shell
elm
Xapp
serverclient
ssh
Today’s Network Abstraction
• System provides a connection service Binds [<IP, port>, <IP, port>] tuple
• Any change invalidates the connection• No support for periods of disconnectivity
<18.31.0.139, 2345> <169.229.60.64, 22>
SSHClient
TCP IPSSH
ServerTCPIP
Each application must perform ad-hocrecovery and disconnection management, or fail
Mobile Networking Challenges
1. Changing end points Change in node attachment point Multi-homing (multiple network interfaces) Readdressing: DHCP renewal, NAT crash, etc.
2. Internet “Suspend/Resume” Wireless device goes out of range Save device power or connectivity costs Transient Internet connectivity outage
Complete solution needs to address both
Current Approaches
• Only solve half the problem Mobile IP, VIP, Physical Media Independence, … MSOCKS, SLM, Application check-pointing, …
• Don’t support intelligent adaptation Rocks, Mobile sockets, Mobile file systems, …
• Use application-specific point solutions RTSP, SCTP, SIP multimedia calls, … Web shopping carts, J2EE servlets, … HTTP range requests, FTP restart points, …
Reconsider System Abstraction
• Many applications create “sessions” Long-lived: collections of connections Entity of processing and resource allocation
• Can we provide a useful system abstraction? Flexible enough for different users, applications Efficient to implement, leverage shared resources Easy to use, but backwards compatible
Session is the salient mobility entity
1, 2, 3… Mobility
1. System Session Abstraction [SBK’01] Collaborative management of end point changes Support for unmodified legacy apps [SaSB’02]
2. Preserving Reliable Connections TCP connection migration [SB’00]
3. Session Continuations [SSaBK’02] Application-guided disconnection handling System support for long-lived sessions [SAB’01]
Goals: Minimally Invasive
• Overhead only on mobility events
• As secure as non-mobile situations
• Require no infrastructure support Demonstrate pure end-to-end solution Deployable via proxies if desired
• Enable intelligent session adaptationTransparency is always an option
Managing Changing End Points
• Applications handle discovery Lots of ways to resolve to <IP, port> pair
• User specifies local network policy Different users, different choices
• System manages tracking Clear semantics, scalable, and efficient
End-to-End Session Tracking
Discovery Service(e.g., Dynamic DNS)
Mobile Nodefoo.bar.edu
Discovery Query(e.g., DNS Lookup)
Session Initiation
xxx.xxx.xxx.xxx
CorrespondentNode
Discovery Update(e.g., DNS Update)
Session Update<xxx.xxx.xxx.xxx, P>
<yyy.yyy.yyy.yyy, Q>
yyy.yyy.yyy.yyy
System Session Abstraction
• Set of network connections to remote end point All involved in single
collaborative activity
• Application identifies end points, initiates connections
• System manages tracking Maintains semantics of
reliable protocols Exposes changes to apps
that register interest
/* Find remote end point */dhost = gethostbyname(dst);/* Validate remote end point */daddr = valid_address(dhost);
/* Create a new session */sid = session_create(flags, …);
/* Specify end points discovery */set_lookupfunc(sid, gethostbyname,
dst, hostname);
/* Create two connections */connect(a, daddr, …);add_connection(sid, a);connect(b, daddr, …);add_connection(sid, b);
/* Register interest in changes */register_handler(sid, mobhandler);
session_create()add_connection()
Robust Session Management
Established LostConnecting Migrating
Frozen
Mobility Daemon
Se
ssio
n L
aye
r
App
NotSupported
Diffie-Hellman Key ExchangeChallenge/Response Protocol
C, P C, P
Po
licy
En
gin
e
Mobility Daemon
Se
ssio
n L
aye
r
App
Po
licy
En
gin
e
Dynamic Library Interposition
LegacyApplication
libmigrate
Kernel
connect(…) fd
MigrateDaemon
sid = session_create();add_connection(sid, …);
Session Handle
libc
connect(…)
syscall(connect,…)
fd
fd
SessionEstablishment
• Intercept POSIX API Wrap each connection in its
own session
PART 1
• Problem: Track changing end points
• Solution: System session abstraction
PART 2
• Problem: Preserve reliable connections
• Solution: TCP Migrate Options
PART 3
• Problem: Internet “Suspend/Resume”
• Solution: Session continuations
Connection Preservation
• Provide stable view of dynamic kernel socket• But what about reliable connections?
User level: Double buffer, session layer re-sync Full access: Extend transport protocol
KernelApp Kernel App
SessionLayer
SessionLayer
SYN 0
ACK 1
Transmission Control Protocol
• The reliable protocol 91% of all bytes, 83% of
all packets [CAIDA ’00] SSH, FTP, HTTPS,
telnet, IMAP, SMTP, etc.
• SYN/ACK handshake Negotiates options,
sequence space
• Reliable transport In-order delivery Retransmits lost data
ACK 2
DATA 1
ACK 3
DATA 2
DATA 2
SYN 0 / ACK 1
TCP Connection Migration
• Resume previous connection with new one Provide special Migrate TCP option Sent on SYN packets of new connection
• Preserve buffers and sequence space Retransmission engine just works Compatible with SACK, FACK, Snoop…
• Entirely backwards compatible
TCP ConnectionMigration
1. Initial SYN
2. SYN/ACK
3. ACK (with data)
4. Normal data transfer
5. Migrate SYN
6. Migrate SYN/ACK
7. ACK (with data)
SYN 0
ACK 1
SYN 0 / ACK 1
fixedmobile
(MigrateOK, …)
(MigrateOK, …)
1.
3.
SYN 22(Migrate T, …)
5.
ACK 48 7.
2.
SYN 46 / ACK 23 6.
DATA 47ACK 23
4.
DATA 22ACK 47
TCP StateMachineChanges
MIGRATE_WAIT2MSL timeout
recv: SYN (migrate T, R)
send: SYN, ACK
• 2 new transitions between existing states
- and -• 1 new state
handles pathological race condition
recv
: S
YN
(m
igra
te T
, R)
sen
d:
SY
N, A
CK
recv
: RST
appl:
migrat
e
send: S
YN (migr
ate T
, R)
Migration Trace
SYN/ACK
BufferedPackets
(old address)
Migrate SYN
A Lossy Trace with SACK
SYN/ACK
Migrate SYN
BufferedPackets
(old address)
ACKw/SACK
PART 1
• Problem: Track changing end points
• Solution: System session abstraction
PART 2
• Problem: Preserve reliable connections
• Solution: TCP Migrate Options
PART 3
• Problem: Internet “Suspend/Resume”
• Solution: Session continuations
Internet Suspend/Resume
• Intelligent disconnection handling Buffer otherwise lost communications Emulate remote services locally Release resources while disconnected
• Graceful resumption handling Reallocate resources and restore state Adapt to new network conditions Indicate how to resume processing
Motivating Continuations
• Observation: complete context inappropriate Some previous state irrelevant, or, even worse, Invalidated due to change in conditions (C.f. TCP Connection state)
• Similar problem in programming languages Block when state and context is complex Pass continuation if state and context is small
• Continuations can request blocking behavior
Using Continuations
User level
App
Kernel
SL
• Expand session notion Align with application Annotate state, resources, associated computation Include system state
• Provide synchronization and preservation assistance Shared attribute/value store Persist local system IPC, file descriptors
• System invokes continuation at session resumption Generated in response to disconnection notification
Conserving Session Resources
SSHd
emacs
SocketBuffers
NetworkPorts
OpenFiles
Kernel
Resources dedicated toactive session
>>Resources dedicated to
suspended session
Release systemresources as well
Continuation generation is recursive!
SSH Continuation
• Don’t suspend until it’s convenient Process pending data, deliver to app or network
• Only a minimum of state to preserve Auth, crypto, and compression state Preserve IPC to child processes
• Notify child processes of disconnection Tunneled apps share connectivity fate
Added ~250 LOC in an afternoon
Continuation Efficiency
Anecdotal evidence of size and speed
SSHd FTPd0
200
400
600
800
1000
1200
1400
1600
1800
2000
Mem
ory
Usa
ge (
KB
)
0
50
100
150
200
250
300
Res
tart
Lat
ency
(m
sec)
SSHd FTPd
System Resources
Shared Pages
Non-Shared Pages
Startup Latency
Session Overhead
SessionContinuation
Continuation Solution Spectrum
• Fast TCP handoff One RTT
• Normal movement Four RTTs + re-sync
• Suspend/Resume Complete flexibility
Control Channel SYN
Response
Challenge
Data SYN
Data SYN/ACK
Control Channel SYN/ACK
Request
Continuation Info
Resumed connection
+
Conclusion & Future Directions
• Sessions are viable system abstractions Useful, flexible, and easy to use Admit robust, efficient implementation
• Continuations enable “suspend/resume”
• Useful for mobility across hosts? Continuations eliminate dependencies An area for future exploration…