[This post is a repost from https://yoursunny.com/t/2017/tunnel-Ethernet-over-NDN/ written by NDN developer Junxiao Shi]
Named Data Networking (NDN) is a common network protocol for all applications and network environment. NDN’s network layer protocol runs on top of a best-effort packet delivery service, which includes physical channels such as Ethernet wires, and logical connections such as UDP or TCP tunnels over the existing Internet. Using this underlying connectivity, NDN provides a content retrieval service, which allows applications to fetch uniquely named “Data packets” each carrying a piece of data. The “data” could be practically anything: text file chunks, video frames, temperature sensor readings … they are all data. Likewise, a packet in a lower layer network protocol, such as an Ethernet frame, is also a piece of data. Therefore, it should be possible to encapsulate Ethernet traffic into NDN Data packets, and establish a Virtual Private Network (VPN) through NDN communication. This post describes the architecture of a proof-of-concept Ethernet-over-NDN tunneling program, and shows a simple performance benchmark over the real world Internet.
tap-tunnel creates an Ethernet tunnel between two nodes using NDN communication. Each node runs an instance of tap-tunnel.
This program collects packets sent into a TAP interface, and turn them into NDN packets. It then gains NDN connectivity by connecting to the local NDN Forwarding Daemon (NFD). The diagram below shows the overall architecture: Read More
An article from Networld World reads: Largest DDoS attack ever delivered by botnet of hijacked IoT devices details the recent event.
A 600+Gbps DDoS attack from IoT devices is truly remarkable. Moreover, it was not a reflection attack! The target was protected by Akamai, who had to drop them (it was hosted pro-bono) after a few days of sustained attack because it was costing too much.
There are a few elements that might make this event a game changer:
- from now on, people may want to always talk about security in IoT,
- it raises questions about protecting the little guy from DDoS, the customer here found a home at Google’s Project Shield, but obviously this is not scalable, and
- cloud protection from DDoS is not a general solution despite what cloud providers will have you believe.
To me such events bring to focus the weaknesses and fragility of the IP architecture. With billions of IoT devices projected in the future, even one packet/second (or even per minute) from a fraction of these devices would be enough to cause real damage. We all know about the code quality and ease of patching of IoT devices, this will not change.
Maybe Bruce Schneier’s near-apocalyptic thoughts are not too far off.