Names recorded in the file: Hari Balakrishnan, mwalfish, Ernie Morrison

Slide outline

Foo Bar

The Problem

Reactions to the Problem

DOA: Delegation-Oriented Architecture

Outline
- DOA (Delegation-Oriented Architecture)
- Uses of DOA
- Related Work / Conclusion

Globally Unique Identifiers for Hosts

Delegation Primitive

DOA in a Nutshell

A Bit More About DOA

Outline
- DOA (Delegation-Oriented Architecture)
- Uses of DOA
  - Off-path firewall
  - Reincarnated NAT
- Related Work / Conclusion

Off-path Firewall

Off-path Firewall: Benefits

Reincarnated NAT

Outline
- DOA (Delegation-Oriented Architecture)
- Uses of DOA
- Related Work / Conclusion

Related Work
- Location/identity split
  - HIP, FARA, Nimrod, and others
- Problems from private address realms
  - IPv6
  - IPNL, IETF activity (STUN), and others
- Both of the above
  - TRIAD, UIP, i3

Summary and Conclusion
- DOA's goals: architectural extension to:
  - Reduce middleboxes' badness + keep goodness
- DOA's properties:
  - Topology-independent, globally unique host ids
  - Let end-hosts invoke off-path boxes
- DOA lets users, admins outsource functions
  - Competitive market in managed services
- Can reconcile the purist and the pragmatist
- Delegation: new property, not new philosophy

Appendix Slides
- Why Does DOA Use . . .
- Why Doesn't DOA Use . . .
- But NATs are Supposed to Hide Identity
- Can't Off-Path Boxes Also Be Intolerant?
- Security and Integrity
- Security and Integrity, Cont'd
- Latency
- Incremental Deployment

Slides

The Problem
- Middlebox: interposed entity doing more than IP forwarding (NAT, firewall, cache, ...)
- Not in harmony with the Internet architecture
- No unique identifiers and on-path blocking:
  - Barrier to innovation
  - Workarounds add complexity
[Diagram labels: Host A, NAT, 10.1.1.4, B, C, Firewall, Host D, New traffic class]
Reactions to the Problem
- Our goal: Architectural extension in which:
  - Middleboxes first-class Internet citizens
  - Harmful effects reduced, good effects kept
  - New functions arise
- Purist: can't live with middleboxes
- Pragmatist: can't live without middleboxes
- Pluralist (us): purist, pragmatist both right

DOA: Delegation-Oriented Architecture
Architectural extension to Internet. Core properties:
1. Restore globally unique identifiers for hosts
2. Let receivers, senders invoke (and revoke) off-path boxes: delegation primitive
[Diagram labels: 0xf12312, B, C]

Globally Unique Identifiers for Hosts
- Location-independent, flat, big namespace
- Hash of a public key
- These are called EIDs (e.g., 0xf12abc...)
- Carried in packets
[Packet diagram labels: DOA hdr, IP hdr, transport hdr, body, source EID, destination EID]

Delegation Primitive
Let hosts invoke, revoke off-path boxes
- Receiver-invoked: sender resolves receiver's EID to
  - An IP address or
  - An EID or sequence of EIDs
- DOA header has destination stack of EIDs
- Sender-invoked: push EID onto this stack
[Packet diagram labels: IP hdr, transport hdr]

DOA in a Nutshell
[Diagram labels: Delegate IP: j; End-host EID: eh, IP: ih; Source EID: es, IP: is; j; DHT; LOOKUP(eh); Process; DOA Packet: IP is j, DOA es eh, transport, body]
- End-host replies to source by resolving es
- Authenticity, performance: discussed in the paper
A Bit More About DOA
- Incrementally deployable. Requires:
  - Changes to hosts and middleboxes
  - No changes to IP routers (design requirement)
  - Global resolution infrastructure for flat IDs
- Recall core properties:
  - Topology-independent, globally unique identifiers
  - Let end-hosts invoke and revoke middleboxes
- Recall goals: reduce harmful effects, permit new functions
Outline

Off-path Firewall
[Diagram labels: Source EID: es, IP: is; Firewall; End-host; EID: eFW; EID: eh; ih; j; DHT; Network Stack; eh (ih, Rules); eFW; [eFW eh]; is; es; Sign (MAC); Verify]