The Network is Reliable | ACM Queue

Peter Bailis (UC Berkeley), Kyle Kingsbury (Jepsen Networks); The Network is Reliable; In ACM. Queue; Volume 12, issue 7; 2014-07-23.



Named Data Networking (NDN)


  • Content Store (table)
  • Pending Interest Table (PIT)
  • Forwarding Information Base (FIB)
  • Data Packet
  • Interest Packet
  • thin waist
  • Data security (signing) at the thin waist.
  • Routers announce name prefixes.
  • Congestion collapse doesn’t occur
  • Sync
    • <quote ref=”here“>Built on top of NDN’s basic Interest-Data communication model, Sync utilizes naming conventions to enable multiple parties to synchronize their datasets by exchanging data digests, so that individual parties can discover and retrieve new and missing data in a most efficient and robust manner. We expect that Sync’s role in the NDN architecture will evolve to one similar to TCP’s in the IP architecture.</quote>

NDN Packets

NDN Node



  • An unbounded namespace => how to maintain control over the routing table sizes?
  • Can lookup of variable-length, hierarchical names can be done at line rate?
  • [They] are working on efficient signatures, usable trust management, network security, content protection and privacy.


  • BGP
  • IS-IS
  • OSPF


Via: backfill



  • Avery Pennarun <> via the README


  • iptables REDIRECT on client
  • multiplexer on server for outbound
  • multiplexer on client for inbound
  • <quote>sshuttle assembles the TCP stream locally, multiplexes it statefully over an ssh session, and disassembles it back into packets at the other end. So it never ends up doing TCP-over-TCP. It’s just data-over-TCP, which is safe.</quote>
  • <quote>After connecting to the remote server, sshuttle uploads its (python) source code to the remote end and executes it there. </quote>
  • <quote>Unlike most VPNs, sshuttle forwards sessions, not packets. That is, it uses kernel transparent proxying (`iptables REDIRECT` rules on Linux, or `ipfw fwd` rules on BSD) to capture outgoing TCP sessions, then creates entirely separate TCP sessions out to the original destination at the other end of the tunnel.</quote>
  • Merges Fast Forward, Double Vision, Tunnel Vision



  • Linux
  • python
  • root
  • iptables
  • redo (a make clone)


  • (ssh) shell access
  • python 2.3
  • not required
    • root
    • PermitTunnel in sshd_config


  • IPv6, the code seems to be IPv4 “dotted quad” only.




Software-Defined Networks (SDN)


  • Control Plane & Data Plane
  • OpenFlow Controllers
  • TLS (SSL) for secure communication with controllers
  • Tables
    • Flow Table
    • Meter Table
    • Group Table
  • Seems to subsume the concepts
    • VLAN
    • VPN
    • tunnel management
    • ipfilter (and all policy plugins)
    • unclear if it is scoped to subsume Layer 7 policies of AXCML
  • Applicability, OpenFlow operates
    • “other” protocols at Layer 3 through Layer 7.
    • MAC (Ethernet) on wired networks
    • does not operate on MAC (Layer 2) in wireless networks


From: William Stallings; Software-Defined Networks and OpenFlow; In The Internet Protocol Journal; Volume 16, No. 1; 2013-03.

3-tier architecture
From: Floodlight

Indigo Agent
From: Indigo Agent

Organizations & Institutions

Reference Implementations


Publications & Popularizations


From: Thomas D. Nadeau; IETF SDN standards emerge: Southbound protocols, NFV, service chains; In Some Trade Rag; 2013-07.


Already Noted

Software Defined Networking (SDN) versus Network Functions Virtualization (NFV)


  • Software Defined Networking (SDN)
  • Network Functions Virtualization (NFV)
  • Seems to be Enterprise Datacenter IT Culture (SDN) vs Big Telecom Culture (NFV)
  • Something vague about Intel and 40GbE or 100GbE through the rack, unto the server via photonics.
  • Concept (per NFV)
    • Separate Customer Premises Equipment (CPE) from “our network”; the big-telecom viewpoint.
    • Carrier Ethernet Demarcation Device.
    • Network Interface Device.

Camp: NFV

Camp: SDN


Via: backfill


Credits in the links …