Supporting Legacy Applications over i3

Providing support for legacy applications is a crucial component of many overlay networks, as it allows end-users to instantly benefit from the functionality introduced by these overlays. This paper presents the design and implementation of a proxy-based solution to support legacy applications in the context of the i3 overlay [24]. The proxy design relies on an address virtualization technique which allows the proxy to tunnel the legacy traffic over the overlay transparently. Our solution can preserve IP packet headers on an end-to-end basis, even when end-host IP addresses change, or when end-hosts live in different address spaces (e.g., behind NATs). In addition, our solution allows the use of human-readable names to refer to hosts or services, and requires no changes to applications or operating systems. To illustrate how the proxy enables legacy applications to take advantage of the overlay (i.e., i3) functionality, we present four examples: enabling access to machines behind NAT boxes, secure Intranet access, routing legacy traffic through Bro, an intrusion detection system, and anonymous web download. We have implemented the proxy on Linux and Windows XP/2000 platforms, and used it over the i3 service on PlanetLab over a three-month period with a variety of legacy applications ranging from web browsers to operating system-specific file sharing.
