Living in a PIT-less World: A Case Against Stateful Forwarding in Content-Centric Networking

Information-Centric Networking (ICN) is a recent paradigm that claims to mitigate some limitations of the current IP-based Internet architecture. The centerpiece of ICN is named and addressable content, rather than hosts or interfaces. Content-Centric Networking (CCN) is a prominent ICN instance that shares the fundamental architectural design with its equally popular academic sibling Named-Data Networking (NDN). CCN eschews source addresses and creates one-time virtual circuits for every content request (called an interest). As an interest is forwarded, it creates state in intervening routers, and the requested content is delivered back over the reverse path using that state. Although a stateful forwarding plane might be beneficial in terms of efficiency and resilience to certain types of attacks, this has not been decisively proven via realistic experiments. Since keeping per-interest state complicates router operations and makes the infrastructure susceptible to router state exhaustion attacks (e.g., there is currently no effective defense against interest flooding attacks), the value of the stateful forwarding plane in CCN should be re-examined. In this paper, we explore supposed benefits and various problems of the stateful forwarding plane. We then argue that its benefits are uncertain at best and it should not be a mandatory CCN feature. To this end, we propose a new stateless architecture for CCN that provides nearly all functionality of the stateful design without its headaches. We analyze performance and resource requirements of the proposed architecture via experiments.
