Named Data Networking (NDN) is a network protocol designed to serve all applications and network environments. NDN's network layer runs on top of a best-effort packet delivery service, which can be a physical channel such as an Ethernet wire or a logical connection such as a UDP or TCP tunnel over the existing Internet. On top of this connectivity, NDN provides a content retrieval service that lets applications fetch uniquely named "Data packets", each carrying a piece of data. That data can be practically anything: text file chunks, video frames, temperature sensor readings, and so on. A packet of a lower-layer network protocol, such as an Ethernet frame, is also just a piece of data, so it should be possible to encapsulate Ethernet traffic in NDN Data packets and build a Virtual Private Network (VPN) over NDN communication. This post describes the architecture of a proof-of-concept Ethernet-over-NDN tunneling program, and shows a simple performance benchmark over the real-world Internet.
tap-tunnel creates an Ethernet tunnel between two nodes using NDN communication.
Each node runs an instance of tap-tunnel.
This program collects packets sent into a TAP interface and turns them into NDN packets.
It gains NDN connectivity by connecting to the local NDN Forwarding Daemon (NFD).
The diagram below shows the overall architecture:
```
    IP app                                                IP app
      |                                                     |
   IP stack     tap-tunnel                  tap-tunnel   IP stack
      |         /       \                   /       \       |
 TAP interface           NFD             NFD           TAP interface
                          |               |
                         UDP             UDP
                          |               |
                         global NDN testbed
```
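How an Ethernet frame ends up inside an NDN Data packet, as an added example that is not tap-tunnel's own code: it encodes a Data packet (NDN packet format v0.3 TLVs with a DigestSha256 signature) whose Content is a constructed Ethernet frame, then decodes it on the receiving side, rejecting truncated or corrupted packets. The name /example/tap/<seq> and the choice of a digest rather than a key-based signature are assumptions made for illustration.

```python
import hashlib
# TLV-TYPE numbers from the NDN packet format v0.3 specification.
T_DATA, T_NAME, T_COMPONENT, T_METAINFO = 0x06, 0x07, 0x08, 0x14
T_CONTENT, T_SIGINFO, T_SIGVALUE, T_SIGTYPE = 0x15, 0x16, 0x17, 0x1B
SIG_DIGEST_SHA256 = 0

def var_enc(n):  # NDN variable-size integer, used for TLV-TYPE and TLV-LENGTH
    if n < 253:
        return bytes([n])
    size = 2 if n <= 0xFFFF else 4 if n <= 0xFFFFFFFF else 8
    return bytes([{2: 0xFD, 4: 0xFE, 8: 0xFF}[size]]) + n.to_bytes(size, "big")

def var_dec(buf, i):  # decode a variable-size integer at offset i -> (value, next offset)
    if buf[i] < 253:
        return buf[i], i + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[buf[i]]
    return int.from_bytes(buf[i + 1:i + 1 + size], "big"), i + 1 + size

def tlv(t, v):
    return var_enc(t) + var_enc(len(v)) + v

def parse_tlvs(buf):  # yield (type, value, offset of first byte) for each TLV in buf
    i = 0
    while i < len(buf):
        start, (t, i) = i, var_dec(buf, i)
        length, i = var_dec(buf, i)
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        yield t, buf[i:i + length], start
        i += length

def encap(prefix, seq, frame):
    """Build Data /<prefix>/<seq> whose Content is one raw Ethernet frame."""
    comps = [tlv(T_COMPONENT, c) for c in prefix + [seq.to_bytes(8, "big")]]
    signed = (tlv(T_NAME, b"".join(comps)) + tlv(T_METAINFO, b"") + tlv(T_CONTENT, frame)
              + tlv(T_SIGINFO, tlv(T_SIGTYPE, bytes([SIG_DIGEST_SHA256]))))
    # DigestSha256 covers Name through SignatureInfo: an integrity check, not authentication.
    return tlv(T_DATA, signed + tlv(T_SIGVALUE, hashlib.sha256(signed).digest()))

def decap(packet):
    """Recover the Ethernet frame, or None if the packet is malformed or its digest fails."""
    try:
        outer = list(parse_tlvs(packet))
        fields = {t: (v, off) for t, v, off in parse_tlvs(outer[0][1])}
        sig, sig_off = fields[T_SIGVALUE]
    except (ValueError, IndexError, KeyError):
        return None
    if len(outer) != 1 or outer[0][0] != T_DATA or T_CONTENT not in fields:
        return None
    return fields[T_CONTENT][0] if hashlib.sha256(outer[0][1][:sig_off]).digest() == sig else None
# Constructed sample frame: broadcast dst MAC, src MAC, EtherType 0x0800, 4-byte dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff02000000000108000001020304")
```

A full-size frame makes the Content and Data TLV-LENGTH fields exceed one byte, which is why the variable-size integer encoding matters here.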
tap-tunnel requires existing NDN reachability between the two nodes.
Each node must have a globally routable NDN prefix, so that a
tap-tunnel instance can send an Interest to the other instance.
This reachability can be established with auto prefix propagation.