r5n.tex (7790B)
1 \documentclass[aspectratio=169]{beamer} 2 \usepackage{appendixnumberbeamer} 3 \usetheme{metropolis} % Use metropolis theme 4 \definecolor{fhggreen}{RGB}{23,156,125} 5 \let\oldemph\textbf 6 \renewcommand{\textbf}[1]{{\color{mLightBrown}\oldemph{#1}}} 7 8 \usepackage{blkarray} 9 \usepackage{amsmath} 10 \usepackage{multirow} 11 \title{The $R^5N$ Distributed Hash Table\\\small{IETF118}} 12 \date{06/11/2023} 13 \author{\textbf{Martin Schanzenbach~$\spadesuit$}, Christian Grothoff~$\clubsuit$, Bernd Fix~$\diamondsuit$} 14 %\institute{\hfill\includegraphics[trim={0cm 1.5cm 0cm 0cm},clip,width=6em]{gnunet}\url{https://gnunet.org}} 15 \institute{$\spadesuit$~Fraunhofer AISEC \url{https://aisec.fraunhofer.de}\\$\clubsuit$~Berner Fachhochschule \url{https://bfh.ch}\\$\diamondsuit$~GNUnet e.V. \url{https://gnunet.org}} 16 \begin{document} 17 \metroset{block=fill,sectionpage=progressbar,numbering=counter} 18 \maketitle 19 20 % \section{The R5N DHT In a Nutshell} 21 22 \begin{frame}{$R^5N$: Randomized-recursive routing for restricted-route networks} 23 $R^5N$ is a DHT with the following design goals: 24 \begin{itemize} 25 \item \textbf{Open participation peer-to-peer routing}. 26 \item Works in \textbf{restricted-route environments}. 27 \item Supports \textbf{route path recording}. 28 \item In-band \textbf{request (and response) validation}. 29 \item Allows for \textbf{result filtering}. 30 \end{itemize} 31 I-D: \url{https://datatracker.ietf.org/doc/draft-schanzen-r5n/} 32 \end{frame} 33 34 \begin{frame}{Open participation peer-to-peer routing} 35 \begin{itemize} 36 \item Access control requires authentication (and trust) and leads to centralization. 37 \item RELOAD (RFC 6940): ``\textit{RELOAD's security model is based on each node having one or more 38 public key certificates. In general, these certificates will be 39 assigned by a central server, which also assigns Node-IDs, although 40 self-signed certificates can be used in closed networks.}'' 41 \item (Popular) DHTs today require classic Kademlia-style ad-hoc permissionless participation (e.g. IPFS). 42 \end{itemize} 43 \end{frame} 44 45 46 \begin{frame}{Support for restricted-route environments} 47 From ``$R^5N$ : Randomized Recursive Routing for 48 Restricted-Route Networks'' by Evans et al.: 49 \begin{itemize} 50 \item \textit{Restricted-route topology} refers to a connected underlay topology which does not support direct 51 connections between some of the nodes (e.g. wireless mesh networks, NAT or firewalls). 52 \item Common DHT routing algorithms (e.g. Kademlia) show diminished performance or even arrant failure when operating over a restricted-route underlay. 53 \item A common solution is to prevent participation in the DHT to peers that are not encumbered by such restrictions. 54 \item However, on the modern Internet the proportion of hosts with unrestricted communication capabilities is increasingly limited (e.g. CG NAT). 55 \end{itemize} 56 \end{frame} 57 58 \begin{frame}{Implications of restricted-route environments} 59 Problem: 60 \begin{itemize} 61 \item Some peers, which from the distance metric (XOR) may be close, may not be reachable (e.g. firewall). 62 \item This leads to multiple (local) minima with respect to where data may be stored/can be retrieved. 63 \end{itemize} 64 Solution: 65 \begin{itemize} 66 \item Random walk before greedy decent to ``escape'' local minima. 67 \item Assuming we have a small world topology, the random walk will cause us to land at a random peer in the network from where the greedy descent will find a random local minimum. 68 \item Replication at multiple local minima combined with the birthday paradox provides reasonable availability. 69 \end{itemize} 70 \end{frame} 71 72 \begin{frame}{Kademlia sunshine scenario (k=2)} 73 \begin{center} 74 \includegraphics[height=0.9\textheight]{R5NRoutExample-0.pdf} 75 \end{center} 76 \end{frame} 77 78 \begin{frame}{Restricted route scenario} 79 \begin{center} 80 \includegraphics[height=0.9\textheight]{R5NRoutExample-1.pdf} 81 \end{center} 82 \end{frame} 83 \begin{frame}{Local minima I} 84 \begin{center} 85 \includegraphics[height=0.9\textheight]{R5NRoutExample-2.pdf} 86 \end{center} 87 \end{frame} 88 89 \begin{frame}{Local minima II} 90 \begin{center} 91 \includegraphics[height=0.9\textheight]{R5NRoutExample-3.pdf} 92 \end{center} 93 \end{frame} 94 95 \begin{frame}{PUT example --- XOR} 96 \begin{center} 97 \includegraphics[height=0.9\textheight]{R5NRoutExample-5.pdf} 98 \end{center} 99 \end{frame} 100 101 \begin{frame}{PUT example --- $R^5N$ walk length $= 1$} 102 \begin{center} 103 \includegraphics[height=0.9\textheight]{R5NRoutExample-6.pdf} 104 \end{center} 105 \end{frame} 106 107 \begin{frame}{PUT example --- $R^5N$ walk length $= 1$} 108 \begin{center} 109 \includegraphics[height=0.9\textheight]{R5NRoutExample-7.pdf} 110 \end{center} 111 \end{frame} 112 113 \begin{frame}{Special case: At least one descent-hop; no loops} 114 \begin{center} 115 \includegraphics[height=0.9\textheight]{R5NRoutExample-8.pdf} 116 \end{center} 117 \end{frame} 118 119 \begin{frame}{Route recording for source routing} 120 Consider the following problem: 121 \begin{itemize} 122 \item Two peers want to use a communication channel. 123 \item They cannot establish a direct link due to underlay restrictions. 124 \item Assumption: Other peers are happy to provide relay services. 125 \item Payload transmission via PUT and GET would be inefficient. 126 \end{itemize} 127 $\Rightarrow$ Discover a route through the overlay: 128 129 \begin{itemize} 130 \item Peer adverstises existence of service via DHT PUT with route recording. 131 \item Client discovers service provider via DHT GET with valid route of GET/PUT message path. 132 \end{itemize} 133 \end{frame} 134 135 136 \begin{frame}{In-band response validation} 137 DHT values can be corrupted or invalid. $R^5N$ addresses this with pluggable, extensible block types: 138 \begin{itemize} 139 \item Given a key and a block type, it is possible to verify the integrity of the value. 140 \item The verification should be possible for all hops on path, improving caching performance. 141 \item A verification could include cryptographic signatures over the data or more sophisticated approaches (see GNS, RFC-to-be 9498) 142 \end{itemize} 143 \end{frame} 144 145 \begin{frame}{Result filtering via mutated Bloom filter} 146 Queries could have a unique or multiple results depending on the application. 147 \begin{itemize} 148 \item We provide capability to abort query forwarding early if unique answer has been found. 149 \item We probalistically filter results already known to the client to reduce traffic. 150 \item To address false positives when using Bloom filters we use mutation. 151 \end{itemize} 152 \end{frame} 153 154 \begin{frame}{Optimization: Routing loop prevention} 155 Repeatedly visiting the same peer in GET or PUT operations is inefficient. 156 \begin{itemize} 157 \item Visiting new peers increases the chance of finding previously undiscovered results. 158 \item Visiting new peers drives us away from the starting point and towards more distant local minima. 159 \end{itemize} 160 $R^5N$ uses a \textit{Bloom filter} in GET/PUT messages to prevent routing loops. 161 \end{frame} 162 163 \begin{frame}{For DISPATCH} 164 \begin{itemize} 165 \item I-D is WIP at \url{https://datatracker.ietf.org/doc/draft-schanzen-r5n/}\\ 166 \item We have approached WGs since initial upload: dinrg, rtgwg, \ldots 167 \item Which (other) WGs may be interested? 168 \end{itemize} 169 \end{frame} 170 171 \begin{frame} 172 \begin{center} 173 \centering Funded by\\ 174 \includegraphics[width=2cm]{ngi.png}\qquad\includegraphics[width=2cm]{nlnet.png} 175 %\vspace{1cm}\\ 176 %DISPATCH: Are there any WGs interested in adopting/working on this?\\ 177 \vspace{2em} 178 \\Contacts:\\ 179 \vspace{1em} 180 {\tiny 181 Martin Schanzenbach \texttt{schanzen@gnunet.org}\\ 182 Christian Grothoff \texttt{grothoff@gnunet.org} 183 } 184 \end{center} 185 \end{frame} 186 187 \appendix 188 189 \end{document}