Issue Your Own NDN Certificates

UPDATE 2021-06-03: The NDN certificate format changed in ndn-cxx 0.5.0. Certificate names in this article follow a previous version of the certificate format specification. Nevertheless, the basic concepts still apply.

To publish contents into a Named Data Networking (NDN) backbone network, you need to connect your NFD end host to the NDN Testbed, run a local producer application, and let the world reach your NFD through Automatic Prefix Propagation. However, a limitation of NDN Forwarding Daemon (NFD)'s Automatic Prefix Propagation is that the prefix registered toward your end host is always the identity name of your certificate. This works fine when you only have one or two machines, but two problems arise when you want to deploy multiple end hosts:

  • Every certificate request needs email verification and a manual approval process, which is inconvenient. Alternatively, you can copy your certificate and private key onto every machine, but then a compromise of any one of those machines exposes your one and only private key.
  • Certificates requested with the same email address have the same identity name, so Automatic Prefix Propagation registers the same prefix toward every machine. Unless all your machines serve the same contents, registering the same prefix toward all of them hurts network performance, because the router has to rely on flooding and probing to figure out which of your machines serves a given piece of content.

The solution is to issue your own NDN certificates, and let the world trust them.

The Hierarchical Trust Model
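The rule that makes self-issued certificates safe to trust is a naming constraint: a certificate for /ndn/edu/ucla/host1 may only be signed by a key whose identity name is an ancestor of that name, such as /ndn/edu/ucla or /ndn. The validator, not the issuer, enforces this, so a valid signature alone is never enough. The following Go program is an added example written for this page, not code from ndn-cxx or NFD; it uses Ed25519 and a flat byte layout for the signed portion (an assumption; real NDN certificates are TLV-encoded Data packets with KEY and version components, and the names here follow neither the old nor the new certificate format exactly).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Name is an NDN name as a sequence of components.
type Name []string

func ParseName(s string) Name   { return Name(strings.Split(strings.Trim(s, "/"), "/")) }
func (n Name) String() string   { return "/" + strings.Join(n, "/") }

// IsStrictPrefixOf reports whether n is a proper ancestor of m.
func (n Name) IsStrictPrefixOf(m Name) bool {
	if len(n) >= len(m) {
		return false
	}
	for i := range n {
		if n[i] != m[i] {
			return false
		}
	}
	return true
}

// Cert binds a public key to an identity name and carries the issuer's
// signature. Issuer is the signer's identity name (equal to Identity for a
// self-signed trust anchor). Layout is a simplification for this example.
type Cert struct {
	Identity Name
	PubKey   ed25519.PublicKey
	Issuer   Name
	Sig      []byte
}

// signedPortion is the byte string the signature covers.
func (c *Cert) signedPortion() []byte {
	var b bytes.Buffer
	b.WriteString(c.Identity.String())
	b.WriteByte(0)
	b.Write(c.PubKey)
	b.WriteByte(0)
	b.WriteString(c.Issuer.String())
	return b.Bytes()
}

// Identity is a private key together with its certificate.
type Identity struct {
	Priv ed25519.PrivateKey
	Cert *Cert
}

// NewRoot generates a self-signed trust anchor.
func NewRoot(name string) (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	n := ParseName(name)
	c := &Cert{Identity: n, PubKey: pub, Issuer: n}
	c.Sig = ed25519.Sign(priv, c.signedPortion())
	return &Identity{Priv: priv, Cert: c}, nil
}

// Issue generates a key for name and signs its certificate with iss's key.
// Deliberately no naming check here: an issuer can sign anything, and it is
// the consumer's validator that must reject a name outside the hierarchy.
func (iss *Identity) Issue(name string) (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	c := &Cert{Identity: ParseName(name), PubKey: pub, Issuer: iss.Cert.Identity}
	c.Sig = ed25519.Sign(iss.Priv, c.signedPortion())
	return &Identity{Priv: priv, Cert: c}, nil
}

// VerifyChain walks from leaf up to anchor. At every step the signer's
// identity must be a proper prefix of the certificate's identity and the
// signature must verify under the signer's public key. certs holds the
// intermediate certificates, keyed by identity name.
func VerifyChain(leaf *Cert, certs map[string]*Cert, anchor *Cert, maxDepth int) error {
	cur := leaf
	for depth := 0; depth < maxDepth; depth++ {
		signer := anchor
		if cur.Issuer.String() != anchor.Identity.String() {
			if signer = certs[cur.Issuer.String()]; signer == nil {
				return fmt.Errorf("no certificate for issuer %s", cur.Issuer)
			}
		}
		if !signer.Identity.IsStrictPrefixOf(cur.Identity) {
			return fmt.Errorf("%s may not sign %s: not an ancestor", signer.Identity, cur.Identity)
		}
		if !ed25519.Verify(signer.PubKey, cur.signedPortion(), cur.Sig) {
			return fmt.Errorf("bad signature on %s", cur.Identity)
		}
		if signer == anchor {
			return nil
		}
		cur = signer
	}
	return errors.New("certificate chain too long")
}
```

With a root /ndn, a site identity /ndn/edu/ucla issued by the root, and hosts issued by the site, /ndn/edu/ucla/host1 validates while /ndn/edu/ucla/host1's sibling /ndn/edu/arizona/host2 is rejected even though its signature is perfectly valid, because the UCLA key is not an ancestor of the Arizona name. The depth bound and the strict-prefix check together also stop a certificate that names itself as issuer from looping the validator.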

Let the World Reach Your NFD

UPDATE 2021-11-15:

  • nfdc command syntax changed in NFD 0.6.0: nfdc register has been renamed to nfdc route add, but the underlying protocol remains the same. If you want to follow along, type nfdc route add in place of nfdc register.
  • The remote-register-prefix command has been replaced by ndn6-register-prefix-remote. If you want to follow along, type ndn6-register-prefix-remote in place of remote-register-prefix.
  • The command output may be different.

Named Data Networking (NDN) is a potential future Internet architecture designed as a distribution network. My last post described how to connect an end host running NDN Forwarding Daemon (NFD) to the NDN Testbed, a backbone NDN network for research purposes, and retrieve contents from that network. An equally important topic is: how can you publish contents into the backbone network?

As mentioned in the last post, NDN communication is receiver driven. Interests expressed by the consumer application are forwarded toward the producer following the routing table, and Data packets carrying contents flow back on the reverse path of the Interests. Every end host and router along the path between consumer and producer needs a route in its routing table, so that NFD can forward the Interest, hop by hop, toward the producer. On your own machine, the nfdc register command adds a route to the routing table; however, if you want to publish contents into the backbone network and make them available for others to retrieve, you cannot execute nfdc register on a terminal of the routers. How can you add a route without console access?
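The forwarding model the paragraph describes, as an added example written for this page (not NFD's code): each node has a FIB mapping name prefixes to a next hop and a PIT recording which downstream node each pending Interest arrived from. An Interest is forwarded by longest-prefix match until it reaches a producer application (next hop "app", an assumed marker) or a node with no matching route, where it is dropped; Data then retraces the PIT entries back to the consumer. The three-node topology is constructed here to show why a missing route at any hop (here, an unregistered prefix at the router) stops the Interest.

```go
package main

import (
	"fmt"
	"strings"
)

// maxHops bounds a forwarding loop, in the spirit of the Interest HopLimit.
const maxHops = 16

// Name is an NDN name split into components.
type Name []string

func ParseName(s string) Name { return Name(strings.Split(strings.Trim(s, "/"), "/")) }
func (n Name) String() string { return "/" + strings.Join(n, "/") }

// Node models one forwarder: a FIB from name prefix to next-hop node ID
// ("app" for a local producer) and a PIT from Interest name to the node the
// Interest came from ("app" when the local consumer expressed it).
type Node struct {
	ID  string
	FIB map[string]string
	PIT map[string]string
}

func NewNode(id string, fib map[string]string) *Node {
	return &Node{ID: id, FIB: fib, PIT: map[string]string{}}
}

// Network maps node IDs to nodes.
type Network map[string]*Node

// LongestPrefixMatch picks the FIB entry with the most matching components.
func (n *Node) LongestPrefixMatch(name Name) (next string, ok bool) {
	best := -1
	for prefix, hop := range n.FIB {
		p := ParseName(prefix)
		if len(p) > len(name) || len(p) <= best {
			continue
		}
		match := true
		for i := range p {
			if p[i] != name[i] {
				match = false
				break
			}
		}
		if match {
			best, next, ok = len(p), hop, true
		}
	}
	return next, ok
}

// SendInterest forwards an Interest expressed at consumer, hop by hop.
// It returns the node IDs traversed and whether a producer was reached.
func (net Network) SendInterest(consumer string, name Name) (path []string, ok bool) {
	from, at := "app", consumer
	for hops := 0; hops < maxHops; hops++ {
		node, exists := net[at]
		if !exists {
			return path, false
		}
		node.PIT[name.String()] = from // remember the downstream for the Data
		path = append(path, at)
		next, found := node.LongestPrefixMatch(name)
		if !found {
			return path, false // no route: Interest dropped here
		}
		if next == "app" {
			return path, true
		}
		from, at = at, next
	}
	return path, false
}

// ReturnData follows the PIT entries from the producer back to the consumer,
// consuming each entry as a real forwarder would when the Data passes.
func (net Network) ReturnData(producer string, name Name) (path []string) {
	at := producer
	for hops := 0; hops < maxHops; hops++ {
		node, exists := net[at]
		if !exists {
			return path
		}
		path = append(path, at)
		prev, pending := node.PIT[name.String()]
		delete(node.PIT, name.String())
		if !pending || prev == "app" {
			return path
		}
		at = prev
	}
	return path
}

// ExampleNetwork is a constructed topology: the router knows only the UCLA
// prefix, so anything under /ndn/edu/arizona has no route there.
func ExampleNetwork() Network {
	return Network{
		"consumer":  NewNode("consumer", map[string]string{"/ndn": "router"}),
		"router":    NewNode("router", map[string]string{"/ndn/edu/ucla": "ucla-host"}),
		"ucla-host": NewNode("ucla-host", map[string]string{"/ndn/edu/ucla/alice": "app"}),
	}
}

func main() {
	net := ExampleNetwork()
	name := ParseName("/ndn/edu/ucla/alice/index")
	path, ok := net.SendInterest("consumer", name)
	fmt.Println("interest:", path, ok)
	fmt.Println("data:    ", net.ReturnData("ucla-host", name))
}
```

Registering a prefix toward an end host is exactly adding a FIB entry at the router in this model; without console access to the router, that entry has to be added through a control protocol, which is what the post goes on to describe.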

NDN hackathon proposal: Clock setup for devices without hardware RTC

This is one of the proposals I submitted to the first Named Data Networking hackathon.

Motivation

Certain cheap devices, most notably the Raspberry Pi, come without a hardware Real Time Clock (RTC) and rely on the Network Time Protocol (NTP) to set the clock during system boot. NTP is an IP-based protocol and would not work in a pure NDN network, so it is necessary to define an NDN-based protocol for clock setup.

Approach

protocol design and demo system

Get NFD Connected

UPDATE 2021-06-01: nfdc command syntax changed in NFD 0.6.0. This article has been updated to include the new syntax.

Named Data Networking (NDN) is a potential future Internet architecture designed as a distribution network. My last post described how to deploy NDN Forwarding Daemon (NFD) on a low end box. Now it's time to get it connected.

The procedures and experiences in this post are applicable to any NDN node. If you aren't using a low end box, you may follow the official guide to install binary packages or compile from source. This post assumes you have ndn-cxx, nfd, and ndnping installed. You need access to two machines with NFD running; they are referred to as "local" and "remote".

Connect to Another Machine

After installing NFD on your machine, you can connect to any other machine running NFD. Although NDN can run natively above Ethernet, there isn't a global-scale native NDN network yet because NDN is still at an early stage. Instead, NDN can run as an overlay network above the traditional IP network: you specify the IP address and port number of the remote NFD, and NDN packets are encapsulated in UDP or TCP packets and sent to the remote NFD.

Deploy NDN Forwarding Daemon in Low End Box

Named Data Networking (NDN) is a future Internet architecture designed as a distribution network. To access an NDN network from a Linux or OSX machine, one can install NDN Platform, a collection of software packages including the protocol stack and critical applications. NDN Forwarding Daemon (NFD), a core component of the architecture, serves as a software router and runs on network routers as well as on end hosts, which use it to communicate with the routers.

NDN Platform has new version releases periodically, and binary packages are provided with each platform release. However, the development of NDN software, including NFD, happens much faster than platform releases. If one wants to run bleeding edge software, those packages must be built from source code available on GitHub.

As a geeky low end box user, I'm thinking: can I run NDN platform on a Linux box with a small amount of memory? The box I'm talking about is an OpenVZ container from LowEndSpirit UK location, with only 128MB memory and no swap space. To make the challenge more interesting, I want to avoid apt-get, and run bleeding edge version built from source code.

Building on the Box

I quickly installed compilers and dependencies (such as libboost-all-dev, which takes several minutes to download) with apt-get, and cloned the git repositories for NFD and other essential NDN Platform packages. Given that the box has little memory and a slow CPU, I can expect the compilation process to take a few hours, just like 8 years ago when I was compiling Apache on a library computer.

Faster Content Distribution with Content Addressable NDN Repository

The effectiveness of universal caching in Named Data Networking depends on data naming. NDN routers cannot identify duplicate contents published under different Names. This paper proposes an enhancement to NDN repository so that duplicate contents could be identified by their hash, in order to save bandwidth and shorten download completion time. The repository indexes Data packets not only by Name, but also by hash of payload. Client applications could retrieve chunks by hash from a nearby neighbor. Therefore, the same payload does not have to traverse the Internet twice. Our evaluation shows that total download time for two Linux Mint disc images is reduced by up to 38%.

Download full report as PDF
Browse code repository
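The dual index described in the abstract, as an added example written for this page rather than the paper's repository code: each payload is stored once and reachable by any name it was published under and by its SHA-256 digest. GetByHash recomputes the digest before serving, so a client fetching by hash from an untrusted neighbour gets exactly the bytes it asked for or nothing. The two "mirror" names and payloads are constructed stand-ins for chunks of the same disc image published under different prefixes.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Chunk is one Data payload together with every name it was published under.
type Chunk struct {
	Payload []byte
	Names   []string
}

// Repo indexes chunks by name and by SHA-256 of the payload, storing each
// distinct payload exactly once.
type Repo struct {
	byName map[string]*Chunk
	byHash map[[32]byte]*Chunk
}

func NewRepo() *Repo {
	return &Repo{byName: map[string]*Chunk{}, byHash: map[[32]byte]*Chunk{}}
}

// Put stores payload under name. If an identical payload already exists, the
// name becomes an alias of the existing chunk and no new bytes are stored.
// It returns the hex digest and whether the payload was already present.
func (r *Repo) Put(name string, payload []byte) (digest string, duplicate bool) {
	h := sha256.Sum256(payload)
	c, exists := r.byHash[h]
	if !exists {
		c = &Chunk{Payload: append([]byte(nil), payload...)}
		r.byHash[h] = c
	}
	if prev, seen := r.byName[name]; !seen || prev != c {
		c.Names = append(c.Names, name)
		r.byName[name] = c
	}
	return hex.EncodeToString(h[:]), exists
}

// GetByName serves a chunk under the name it was published with.
func (r *Repo) GetByName(name string) ([]byte, bool) {
	c, ok := r.byName[name]
	if !ok {
		return nil, false
	}
	return c.Payload, true
}

// GetByHash serves a chunk by payload digest, as a nearby neighbour would.
// The digest is verified against the stored bytes before they are returned.
func (r *Repo) GetByHash(digest string) ([]byte, bool) {
	raw, err := hex.DecodeString(digest)
	if err != nil || len(raw) != sha256.Size {
		return nil, false
	}
	var h [32]byte
	copy(h[:], raw)
	c, ok := r.byHash[h]
	if !ok || sha256.Sum256(c.Payload) != h {
		return nil, false
	}
	return c.Payload, true
}

// StoredBytes is what the repository actually holds; LogicalBytes is what
// the published names add up to. The difference is the deduplication saving.
func (r *Repo) StoredBytes() (n int) {
	for _, c := range r.byHash {
		n += len(c.Payload)
	}
	return n
}

func (r *Repo) LogicalBytes() (n int) {
	for _, c := range r.byName {
		n += len(c.Payload)
	}
	return n
}

func main() {
	r := NewRepo()
	iso := []byte("constructed stand-in for one 4 KB chunk of a disc image")
	d, _ := r.Put("/mirror-a/linuxmint.iso/seg=0", iso)
	_, dup := r.Put("/mirror-b/linuxmint.iso/seg=0", iso)
	fmt.Println(d[:16], "duplicate:", dup, "stored:", r.StoredBytes(), "logical:", r.LogicalBytes())
}
```

The hash index is what lets a client ask a neighbour for a chunk by digest regardless of the name the neighbour fetched it under; the digest check in GetByHash is the part a practitioner should not skip, since hash-addressed retrieval is only as trustworthy as the verification on the serving side and the client's own check on receipt.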

How do I deploy my website on NDN?

As a website owner, I'm always thinking about making my website available on more channels, so I enabled IPv6 several years ago. NDN caught my eye as a new "content distribution model" and "communication protocol". It's natural for me to think about: how do I deploy my website on NDN?

Like most small websites, my website runs mainly on HTTP. Visitors issue GET requests to retrieve pages and resources, which are essentially static but may change at any time. They issue POST requests to interact with web applications, or play with JavaScript-based web applications. I used to provide file downloading through FTP or BitTorrent (but it's now on SkyDrive). I'm collecting statistics with Google Analytics, and an accurate report is important to me. To sum up, I have 5 scenarios:

  1. retrieving pages and resources;
  2. server-based web applications;
  3. JavaScript-based web applications;
  4. file downloading;
  5. analytics.

File downloading is the easiest one on NDN. Once a file is published, I would not modify it without using a new name, so publishing files under an NDN prefix is sufficient. By adding a segmentation component to Data names, visitors can download a file piece by piece, similar to BitTorrent.

Retrieving pages and resources is similar to file downloading, except that pages may change at any time. I don't know when a page will change, so I cannot specify an expiry time when the page is served. In HTTP, user agents can include an If-Modified-Since header, and the server responds with a 304 status code, without sending the content, if the page has not been modified. In NDN, I can add a version component to Data names, so user agents can express an Interest carrying the locally cached version number with a RightmostRightSibling annotation, asking for the newest version later than the one they already have.
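The naming scheme from the two paragraphs above, as an added example written for this page (not the author's code or any NDN library): a page name is followed by a version component and then a segment component, and a "newest version later than what I have" query is answered by excluding every version up to the cached one and taking the rightmost remaining child. The textual "v=" and "seg=" components are an assumption for readability; the NDN naming conventions use marked components. A constructed set of published names stands in for the repository's contents.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// PageName builds /<prefix>/v=<version>/seg=<segment>.
func PageName(prefix string, version, segment int) string {
	return fmt.Sprintf("%s/v=%d/seg=%d", prefix, version, segment)
}

// parseVersionSegment extracts version and segment from a name directly under
// prefix; the "/v=" boundary keeps /site/page from matching /site/page2.
func parseVersionSegment(prefix, name string) (version, segment int, ok bool) {
	rest, found := strings.CutPrefix(name, prefix+"/v=")
	if !found {
		return 0, 0, false
	}
	parts := strings.SplitN(rest, "/seg=", 2)
	if len(parts) != 2 {
		return 0, 0, false
	}
	v, err1 := strconv.Atoi(parts[0])
	s, err2 := strconv.Atoi(parts[1])
	return v, s, err1 == nil && err2 == nil
}

// NewestAfter answers the conditional-fetch Interest: among published names
// under prefix, the highest version strictly greater than cached. ok=false is
// the NDN analogue of HTTP 304 (nothing newer than what the consumer holds).
func NewestAfter(published []string, prefix string, cached int) (version int, ok bool) {
	for _, n := range published {
		if v, _, has := parseVersionSegment(prefix, n); has && v > cached && (!ok || v > version) {
			version, ok = v, true
		}
	}
	return version, ok
}

// Segments lists the segment names of one version in ascending order, which
// is the sequence a downloader fetches (and may fetch in parallel).
func Segments(published []string, prefix string, version int) []string {
	type seg struct {
		n    int
		name string
	}
	var segs []seg
	for _, n := range published {
		if v, s, has := parseVersionSegment(prefix, n); has && v == version {
			segs = append(segs, seg{s, n})
		}
	}
	sort.Slice(segs, func(i, j int) bool { return segs[i].n < segs[j].n })
	names := make([]string, len(segs))
	for i, s := range segs {
		names[i] = s.name
	}
	return names
}

// ConstructedRepo is sample content: three versions of one page, one of them
// split into two segments, plus an unrelated page that must not match.
func ConstructedRepo() []string {
	return []string{
		PageName("/site/page", 1, 0),
		PageName("/site/page", 2, 0),
		PageName("/site/page", 3, 1),
		PageName("/site/page", 3, 0),
		PageName("/site/page2", 9, 0),
	}
}

func main() {
	repo := ConstructedRepo()
	v, ok := NewestAfter(repo, "/site/page", 2)
	fmt.Println("newer than v2:", v, ok, Segments(repo, "/site/page", v))
}
```

A consumer that already holds version 2 learns that version 3 exists and fetches its segments; a consumer holding version 3 gets nothing back, which is the "not modified" case. Whatever version component scheme is used, the consumer should still validate the signature on the Data it receives, since a version number in a name is not on its own evidence that the publisher produced it.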