
Research On Network Architecture And Key Mechanisms Based On Locator And Identifier Separation

Posted on: 2010-06-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R Tu
GTID: 1118360278456558
Subject: Computer Science and Technology

Abstract/Summary:
In the current TCP/IP architecture, the IP address carries two meanings: it is both the network node's routing locator and its endpoint identifier. This is known as the "IP Overload" problem. IP Overload makes it hard to support mobility in TCP/IP, weakens the scalability of core routing, and reduces the efficiency of security mechanisms. It also limits the development of several newer technologies, including multi-homing and traffic engineering. "Locator/Identifier Split" is one of the effective ways to resolve IP Overload. Network naming and addressing architectures based on the Locator/Identifier Split have become a hot spot in network architecture research, and some valuable methods have been proposed. However, these methods still have drawbacks in mapping service scalability, mobility, and other areas. Moreover, the Locator/Identifier Split is also a promising way to address some hard problems in network security, traffic engineering, multi-homing, multicast and anycast.

To address the IP Overload problem, we study network naming and addressing architecture based on the Locator/Identifier Split. First, we propose a new network architecture, LISA (Locator Identifier Separation Architecture). LISA increases the scalability of core network routing and provides a good platform for supporting mobility and identifier-based end-to-end network security mechanisms. Second, we propose a mapping service mechanism based on a one-hop DHT (LISA-Mapping). LISA-Mapping is a scalable flat-label resolution mechanism. It reduces the lookup delay and increases the lookup frequency and update rate, which satisfies the mobility requirements. Third, to address the limitations of network access control based on IP addresses, we propose a network access control mechanism based on permanent identifiers (LISA-NAC). LISA-NAC provides an accurate and efficient fine-grained access control mechanism for the edge network. Finally, we propose a site multi-homing method based on LISA that supports a path failure recovery mechanism (LISA-Recovery). LISA-Recovery can detect path failure and performance degradation, and switches paths quickly so that application services keep working normally.

The contributions of this dissertation are as follows.

1. LISA architecture research. We propose a network-based Locator/Identifier Split architecture. LISA divides the network into a core network and an edge network. The core network uses a structured label (Locator), which preserves the aggregation property of core network labels and increases the scalability of core network routing. The edge network uses a flat label (Identifier), which supports mobility well and serves as a basis for end-to-end network security mechanisms based on cryptographic identifiers. Moreover, LISA provides a new way to support traffic engineering and multi-homing. LISA adopts a "LISA in IP" packet encapsulation method, which avoids updating the network devices in the core network.

2. LISA mapping service mechanism research. To implement the Locator/Identifier Split, LISA must translate between two address spaces, so a scalable mapping service for flat labels is the core of LISA. We propose a mapping service mechanism based on a one-hop DHT. LISA-Mapping provides a scalable resolution mechanism for flat labels, reduces the lookup delay, and increases the lookup frequency and update rate. Moreover, LISA-Mapping partly resolves the problem of migrating mapping records when mapping service nodes dynamically join and leave. We also analyze the lookup delay of hierarchical LISA-Mapping and derive the relation between the lookup delay and the hierarchical mapping structure. The simulation results show that LISA-Mapping's lookup delay is smaller than that of the other mapping methods.

3. Permanent identifier based network access control mechanism research. LISA separates the network node's identifier from its locator, which makes identifier-based network access control possible. With the support of LISA, we propose the permanent identifier based network access control mechanism (LISA-NAC), which includes the IBAC (Identifier Based Access Control) model and the Self-verifying Identifier. The IBAC model provides more accurate and efficient access control. The Self-verifying Identifier carried in a packet can be used to verify the packet's source, which simplifies source verification. Moreover, we tested and analyzed the transport performance, system performance costs and ACL access efficiency, which proves the feasibility of LISA-NAC.

4. LISA based path failure detection and recovery mechanism research. The Locator/Identifier Split supports multi-homing well. We propose a LISA based multi-homing method that provides a new way to support path failure recovery (LISA-Recovery). LISA based multi-homing ensures the heterogeneity of a multi-path multi-homing site. Our simulation results show that LISA-Recovery can detect path failure and performance degradation efficiently and make a quick path switch that keeps the application service operating. Moreover, we analyzed the performance costs of LISA-Recovery, which proved the feasibility of LISA-Recovery.

5. The design and implementation of the LISA prototype. Based on the research results, we designed and implemented a LISA route prototype on the ORCP open router platform. We also implemented LISA-NAC in software on the host PC and on a network security device.

To sum up, this dissertation presents well-evaluated solutions for some key issues of the Locator/Identifier Split naming and addressing architecture. We believe that our contributions lay a good foundation for future research on new network architectures, both in theory and in practice.
Keywords/Search Tags:IP Overload, scalability, mobility, security, Locator/Identifier Split, mapping service, flat label, Multi-homing, path failure