5. The world has changed
Almost anything is available online.
An ever-increasing range of content can be distributed
digitally.
Anyone can create, discover and consume content.
Exabytes of new content are produced yearly.
Everything is connected to the Internet.
7. IP is a poor match to its primary use today
Just as the telephone system would be a poor vehicle for
the broadcast content distribution done by TV and radio.
10. Benefits of ICN
If the network understands what it's carrying:
Universal caching
Adaptive multipath routing
Better handling of mobility, address exhaustion, etc.
Secure the content rather than the pipe
11. Named Data Networking
NDN is one of the Information Centric Networking (ICN) schemes.
CCN (Content Centric Networking) is the project name at
PARC.
NDN (Named Data Networking) is the project name
sponsored by NSF.
13. Key idea
Give each packet a unique name.
Packets are routed and forwarded based on names.
Essentially changing the waist of the hourglass
architecture from address-based IP to content-name
based NDN.
15. How it works
Applications name their data.
Consumers send Interest packets, producers respond with
Data packets (ContentObjects).
Interests are routed based on their names.
Routers remember outstanding Interests in the Pending
Interest Table (PIT).
Data packets trace back along the PIT entries.
Every Data packet carries a signature.
16. Naming
Applications give names to packets.
NDN uses hierarchical names to facilitate aggregation,
management, discovery.
17. Receiver-driven data retrieval
All communication is initiated by consumers, i.e. it starts with
an Interest packet.
Routers forward the Interest towards the producer, and
remember the incoming interface of the Interest.
The producer sends the data back. The data takes the
exact reverse path of the Interest to reach the consumer.
One Interest retrieves one Data packet.
[Figure: consumer, router, producer. Messages: 1. Interest, 2. Interest, 3. ContentObject, 4. ContentObject.]
18. Caching
Routers can now cache the data since it is named.
[Figure: consumer1, consumer2, router (with cache), producer. Messages: 1. Interest, 2. Interest, 3. ContentObject, 4. ContentObject, 5. Interest, 6. ContentObject.]
19. Security and Privacy
Secure the content/data, not the pipe or the perimeter.
Each data packet has to carry a signature
because data can come from any router or source.
21. Naming
NDN: hierarchical names defined by applications
Names are usually not hashes.
Other ICN architectures may use a hash as the data name.
22. Fast name lookup
An NDN router looks up a name in the Forwarding Information Base (FIB)
to decide where to forward it.
A name can have any number of components, and a component
can be arbitrarily long.
Fast name lookup can be achieved with nested hash tables.
A hash is computed over the first component, and the result
is a pointer to the next hash table, which is keyed with the
hash of the second component, and so on.
If a name consists of k components, then in the absence of
collisions, k hash lookups would be required in the worst case
to identify the longest matching prefix.
24. Aggregated signing
Every ContentObject must be signed.
Generating an RSA signature for every individual block is
computationally expensive.
Merkle hash trees amortize the signing cost over multiple
ContentObjects.
26. Aggregated signing
Sign the root hash (H6) only.
Include the Merkle path with the signature:
the node index (e.g. node 1)
the hash of the sibling node, the hash of the parent's sibling node, and so
on (e.g. H0, H5 for node 1)
To verify the signature for block1, one can compute
H1=H(block1), H4=H(H0H1), H6=H(H4H5), and check whether
the signature is valid for H6.
[Figure: Merkle hash tree. Leaves H0, H1, H2, H3; internal nodes H4, H5; root H6.]
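The Merkle path construction and check described above for the four-block tree, as an added example (not code from the slides or from CCNx). It assumes SHA-256 for H and plain concatenation as on the slide; the RSA check on the root is left out, so `signed_root` is assumed to be a root whose signature has already been verified, and all function names are illustrative.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """Hash levels, leaves first. Block count must be a power of two."""
    if not blocks or len(blocks) & (len(blocks) - 1):
        raise ValueError("block count must be a power of two")
    levels = [[H(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def merkle_path(levels, index):
    """Sibling hashes from the leaf level up to, not including, the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])  # sibling of node i is i with low bit flipped
        index //= 2
    return path

def root_from_path(block, index, path):
    """Recompute the root from one block, its leaf index and its Merkle path."""
    node = H(block)
    for sibling in path:
        # An odd index means this node is the right child: sibling goes first.
        node = H(sibling + node) if index & 1 else H(node + sibling)
        index //= 2
    return node

def verify_block(block, index, path, signed_root):
    """True if the block hashes up to the root that the signature covers."""
    if not 0 <= index < 2 ** len(path):  # reject indices outside the tree
        return False
    return hmac.compare_digest(root_from_path(block, index, path), signed_root)

# Constructed sample data: four blocks, giving the slide's tree H0..H6.
BLOCKS = [b"block0", b"block1", b"block2", b"block3"]
LEVELS = build_levels(BLOCKS)
ROOT = LEVELS[-1][0]            # H6, the only value that gets signed
PATH1 = merkle_path(LEVELS, 1)  # [H0, H5] for block1

if __name__ == "__main__":
    print("block1 ok:", verify_block(BLOCKS[1], 1, PATH1, ROOT))
    print("tampered :", verify_block(b"blockX", 1, PATH1, ROOT))
```

The index range check matters: without it, index 5 would follow the same left/right choices as index 1 and be accepted with the same path.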