Archives for CAIDA

Manifest embedding

Manifests are proposed as a special type of content in Named Data Networking that contains meta-information about other Data packets: a sequence of Data segments or completely independent information objects. While a great variety of useful meta-information exists, this document focuses on the case where a manifest contains a list of Data packet names. For example, a manifest containing full names (prefix + digest of the packet) can be used by the consumer application for faster verification of Data packets. Only the manifest object must be verified using public-key cryptography, whereas all other Data packets listed in the manifest can be verified by simply computing the digest and comparing it to the digest specified in the already verified manifest. The purpose of this technical memo is to introduce the use of manifests for faster signing and verification of Data packets without requiring an additional round-trip delay for manifest fetching.
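The verification flow described above, as an added example (not code from the technical memo or the NDN project): one signature check on the manifest, then digest-only checks per packet. HMAC-SHA256 stands in for the public-key signature so the block runs on the Python standard library alone; the packet names, payloads, key, and the `sha256digest=` text encoding of the full name are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: (name prefix, packet bytes) for three Data packets.
PACKETS = [
    ("/example/video/seg0", b"segment-0 payload"),
    ("/example/video/seg1", b"segment-1 payload"),
    ("/example/video/seg2", b"segment-2 payload"),
]
# Constructed key. HMAC is only a stand-in here: a real deployment verifies
# the manifest with the producer's public key, not a shared secret.
KEY = b"constructed-demo-key"


def full_name(prefix, wire):
    """Full name = prefix + digest of the packet (text encoding assumed)."""
    return f"{prefix}/sha256digest={hashlib.sha256(wire).hexdigest()}"


def make_manifest(packets, key):
    """Producer side: list every full name, then sign the list once."""
    body = "\n".join(full_name(p, w) for p, w in packets).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


class ManifestVerifier:
    """Consumer side: one signature check, then cheap digest checks."""

    def __init__(self, body, signature, key):
        # The single expensive operation. If it fails, nothing listed in
        # the manifest may be trusted, so refuse to build a verifier.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(signature, expected):
            raise ValueError("manifest signature invalid")
        self.trusted = set(body.decode().split("\n"))

    def verify(self, prefix, wire):
        """Recompute the packet digest and look up the resulting full name."""
        return full_name(prefix, wire) in self.trusted


if __name__ == "__main__":
    body, sig = make_manifest(PACKETS, KEY)
    verifier = ManifestVerifier(body, sig, KEY)
    for prefix, wire in PACKETS:
        print(prefix, verifier.verify(prefix, wire))
    print("tampered:", verifier.verify("/example/video/seg1", b"altered"))
```

Because the lookup is on the full name, a packet whose bytes match a listed digest but whose prefix differs is rejected as well.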

Read the full technical report on manifest embedding.

How to Deploy the NDN Forwarding Daemon on a Low-End Box

Named Data Networking (NDN) is a potential future Internet architecture designed as a distribution network. To access the NDN network from a Linux or Apple OSX machine, one can install the NDN Platform, a collection of software packages including the protocol stack and critical applications. The NDN Forwarding Daemon (NFD), a core component of the architecture, serves as a software router and runs both on network routers and on end hosts to communicate with routers.

The NDN team provides periodic releases of the new platform, and binary packages are provided with each platform release. However, the development of NDN software, including NFD, happens much faster than platform releases, so users can download source code from GitHub. If a user wants to run bleeding edge software, those packages must be built from source code.

As a geeky low end box user, I’m thinking: can I run the NDN platform on a Linux box with only a small amount of memory? The box I’m talking about is an OpenVZ container from LowEndSpirit UK location, with only 128MB memory and no swap space. To make the challenge more interesting, I want to avoid apt-get, and run the bleeding edge version built from source code.

Named Data Networking Next Phase (NDN-NP)

We are pleased to note that the National Science Foundation’s (NSF) Directorate for Computer and Information Science and Engineering (CISE) just announced its support for the next phase of the Future Internet Architecture projects (“Moving towards a more robust, secure and agile Internet”). This next round of funding will allow the NDN-NP Project to further develop, test and deploy our novel Internet architecture.

Below is the project summary we submitted with our proposal on 7 June 2013:

Project Summary

Named Data Networking (NDN) is a Future Internet Architecture inspired by years of empirical research into network usage and a growing awareness of persistently unsolved problems of the current Internet (IP) architecture. Its central premise is that the Internet is primarily used as an information distribution network, a use that is not a good match for IP, and that the future Internet’s “thin waist” should be based on named data rather than numerically addressed hosts.


This project continues research on NDN started in 2010 under NSF’s FIA program. It applies the project team’s increasingly sophisticated understanding of NDN’s opportunities and challenges to two national priorities–Health IT and Cyberphysical Systems–to further the evolution of the architecture in the experimental, application-driven manner that proved successful in the first three years. In particular, our research agenda is organized to translate important results in architecture and security into library code that guides development for these environments and other key applications toward native NDN designs. It simultaneously continues fundamental research into the challenges of global scalability and broad opportunities for architectural innovation opened up by “simply” routing and forwarding data based on names.

Our research agenda includes: (1) Application design, exploring naming and application design patterns, support for rendezvous, discovery and bootstrapping, the role and design of in-network storage, and use of new data synchronization primitives; (2) Security and trustworthiness, providing basic building blocks of key management, trust management, and encryption-based access control for the new network, as well as anticipating and mitigating future security challenges faced in broad deployment; (3) Routing and forwarding strategy, developing and evaluating path-vector, link-state, and hyperbolic options for inter-domain routing, creating overall approaches to routing security and trust, as well as designing flexible forwarding and mobility support; (4) Scalable forwarding, aiming to support real-world deployment, evaluation and adoption via an operational, scalable forwarding platform; (5) Library and tool development, developing reference implementations for client APIs, trust and security, and new network primitives based on the team’s fundamental results, as well as supporting internal prototype development and external community efforts; (6) Social and economic impacts, considering the specific questions faced in our network environments as well as broader questions that arise in considering a “World on NDN.”

We choose Mobile Health and Enterprise Building Automation and Management Systems as specific instances of Health IT and Cyberphysical Systems to validate the architecture as well as drive new research. Domain experts for the former will be the Open mHealth team, a non-profit patient-centric ecosystem for mHealth, led by Deborah Estrin (Cornell) and Ida Sim (UCSF). For the latter, our experts will be UCLA Facilities Management, operators of the second largest Siemens building monitoring system on the West Coast. To guide our research on the security dimensions of these important environments and the NDN architecture more generally, we have convened a Security Advisory Council (NDN-SAC) to complement our own security and trust effort.

Intellectual Merit

The NDN architecture builds on lessons learned from the success of the IP architecture, preserving principles of the thin waist, hierarchical names, and the end-to-end principle. The design reflects a recognition of the major shift in the applications communication model: from the “where” (i.e., the host/location) to the “what” (i.e., the content). Architecting a communications infrastructure around this shift can radically simplify application designs to allow applications to communicate directly using the name of the content they desire and leave to the network to figure out how and where to retrieve it. NDN also recognizes that the biggest weakness in the current Internet architecture is lack of security, and incorporates a fundamental building block to improve security by requiring that all content be cryptographically signed.

Broader Impacts

The success of new architectures requires broad community involvement and uptake. NDN has built significant momentum through commitment to an open source model that has spurred substantial research activity in both architecture and current implementation. Project members are often invited to present at “future Internet” meetings around the world, and we have performed two high-visibility demos of NDN’s ability to handle large scale distribution. Industry is also showing increasing interest in NDN. Finally, NDN has also had a significant impact on our students, yielding several current Ph.D. theses on NDN topics, industry internships involving NDN research, and graduate and undergraduate curriculum material that offer a comprehensive alternative to IP to stimulate discussion of what network architecture design really means.

NDN for humans

In an attempt to lower the barriers to understanding this revolutionary (as well as evolutionary) way of looking at networking, three recently posted documents are likely to answer many of your questions (and inspire a few more):

(1) Almost 5 years ago, Van gave a 3+ hour tutorial on Content-Centric Networking for the Future Internet Summer School (FISS 09) hosted by the University of Bremen in Germany. We finally extracted an approximate transcript of this goldmine and are making it available, along with pointers to the slides and (4-part) video of his tutorial hosted by U. Bremen.

(Our FAQ answers the commonly asked question, “How does NDN differ from Content-Centric Networking (CCN)?”)

(2) A short (8-page) technical report, Named Data Networking, introducing the Named Data Networking architecture. (A version of this report will appear soon in ACM Computer Communications Review.)

(3) Another technical report exploring the potential social impacts of NDN: A World on NDN: Affordances & Implications of the Named Data Networking Future Internet Architecture. This paper highlights four departures from today’s TCP/IP architecture, which underscore the social impacts of NDN: the architecture’s emphases on enabling semantic classification, provenance, publication, and decentralized communication. These changes from TCP/IP could expand affordances for free speech, and produce positive outcomes for security, privacy and anonymity, but raise new challenges regarding data retention and forgetting. These changes might also alter current corporate and law enforcement content regulation mechanisms by changing the way data is identified, handled, and routed across the Web.

We welcome feedback on these and any NDN publications.

4th NDN Retreat slidesets available

On November 12-13, 2013, CAIDA hosted the NDN Project’s fourth retreat in San Diego, CA, with over 40 participants in attendance. The agenda, participants list, and slidesets from the retreat are available at http://www.caida.org/workshops/ndn/1311/.