diff options
Diffstat (limited to 'content/en/docs/Concepts/ouroboros-model.md')
-rw-r--r-- | content/en/docs/Concepts/ouroboros-model.md | 235 |
1 files changed, 235 insertions, 0 deletions
diff --git a/content/en/docs/Concepts/ouroboros-model.md b/content/en/docs/Concepts/ouroboros-model.md new file mode 100644 index 0000000..3b6cc31 --- /dev/null +++ b/content/en/docs/Concepts/ouroboros-model.md @@ -0,0 +1,235 @@ +--- +title: "The Ouroboros model" +author: "Dimitri Staessens" + +date: 2020-04-07 +weight: 2 +description: > + Computer Network fundamentals +--- + +``` +Computer science is as much about computers as astronomy is +about telescopes. + -- Edsger Wybe Dijkstra +``` + +The model for computer networks underlying the Ouroboros prototype is +the result of a long process of gradual increases in my understanding +of the core principles that underly computer networks, starting from +my work on traffic engineering packet-over-optical networks using +Generalized Multi-Protocol Label Switching (G/MPLS) and Path +Computation Element (PCE), then Software Defined Networks (SDN), the +work with Sander investigating the Recursive InterNetwork Architecture +(RINA) and finally our implementation of what would become the +Ouroboros Prototype. The way it is presented here is not a reflection +of this long process, but a crystalization of my current understanding +of the Ouroboros model. + +During most of my PhD work at the engineering department, I spent my +research time on modeling telecommunications networks and computer +networks as _graphs_. The nodes represented some switch or router -- +either physical or virtual --, the links represented a cable or wire +-- again either physical or virtual -- and then the behaviour of +various technologies were simulated on those graphs to develop +algorithms that analyze some behaviour or optimize some or other _key +performance indicator_ (KPI). This line of reasoning, starting from +_networked devices_ is how a lot of research on computer networks is +conducted. But what happens if we turn this upside down, and develop a +_universal_ model for computer networks starting from some very basic +elements? + +### Two defining elements + +The Ouroboros model postulates that there are only 2 possible methods +of distributing packets in a network layer: _FORWARDING_ packets based +on some label identifying a node[^1], or _FLOODING_ packets on all +links but the incoming link. + +We call an element that forwards a __forwarding element__, +implementing a _packet forwarding function_ (PFF). The PFF has as +input a destination label (in graph theory, a _vertex_), and as output +a set of output links (in graph theory, _arcs_) on which the incoming +packet with that label is to be forwarded on. The destination label +needs to be in a packet header. + +We call an element that floods a __flooding element__, and it +implements a packet flooding fuction. It is completely stateless, and +has a input the incoming arc, and as output all non-incoming +arcs. This is all local information, so packets on a broadcast layer +do not need a header at all. + +Peering relationships are only allowed between forwarding elements, or +between flooding elements, but never between a forwarding element and +a flooding element. We call a connected graph consisting of nodes that +hold forwarding elements a __unicast layer__, and similary we call a +connected _tree_[^2] consisting of nodes that house a flooding element +a __broadcast layer__. + +The objective for the Ouroboros model is to hold for _all_ packet +networks; our __conjecture__ is that __all functioning packet-switched +network technologies can be decomposed into finite sets of unicast and +broadcast layers__. Unicast and broadcast layers can be easily found +in TCP/IP, Recursive InterNetworking Architecture (RINA), Delay +Tolerant Networks (DTN), Ethernet, VLANs, Loc/Id split (LISP),... +[^3]. The Ouroboros _model_ by itself is not recursive. What is known +as _recursive networking_ is a choice to use a single standard API to +interact with all unicast layers and a single standard API to interact +with all broadcast layers[^4]. + +### The unicast layer + +A unicast is a collection of interconnected forwarding elements. A +unicast layer provides a best-effort unicast packet service between +two endpoints in the layer. We call the abstraction of this +point-to-point unicast service a flow. A flow in itself has no +guarantees in terms of reliability [^5]. + +{{<figure width="70%" src="/docs/concepts/unicast_layer.png">}} + +A representation of a unicast layer is drawn above, with a flow +between the _green_ (bottom left) and _red_ (top right) forwarding +elements. + +The forwarding function operates in such a way that, given the label +of the destination node (in the case of the figure, a _red_ label), +the packet will move to the destination node (_red_) in a _deliberate_ +manner. The paper has a precise mathematical definition, but +qualitatively, our definition of _FORWARDING_ ensures that the +trajectory that packets follow through a network layer between source +and destination + +* doesn't need to use the 'shortest' path +* can use multiple paths +* can use different paths for different packets +* can involve packet duplication +* will not have loops[^6] [^7] + +### The broadcast layer + +A broadcast layer is a collection of interconnected flooding +elements. The nodes can have either, both or neither of the sender and +receiver role. A broadcast layer provides a best-effort broadcast +packet service from sender nodes to all (receiver) nodes in the layer. + +{{<figure width="70%" src="/docs/concepts/broadcast_layer.png">}} + +Our simple definition of _FLOODING_ -- given a set of adjacent links, +send packets received on a link in the set on all other links in the +set -- has a huge implication the properties of a fundamental +broadcast layer: the graph always is a _tree_, or packets could travel +along infinite trajectories with loops [^8]. + +### Building layers + +We now define the fundamental operations on packet network +layers. These operations can be implemented through manual +configuration or automated protocol interactions. They can be skipped +(no-operation, (nop)) or involve complex operations such as +authentication. + +The construction of (unicast and broadcast) layers involves 2 +fundamental operations: adding a node to a layer is called +_enrollment_. Enrollment prepares a node to act as a functioning +element of the layer, exchanging the key parameters for a layer. It +can involve authentication, and setting roles and permissions. After +enrollment, we may add peering relationships by creating adjacencies +between forwarding elements in a unicast layer or between flooding +elements in a broadcast layer. We termed this _adjacency +management_. The inverse operations are called _unenrollment_ and +_tearing down_ adjacencies between elements. + +Operations such as merging and splitting layers can be decomposed into +these two operations. This doesn't mean that merge operations +shouldn't be researched. To the contrary, optimizing this is +instrumental for creating networks practical on a global scale. + +It is immediately clear that these operations are very broadly +defined, and can be implemented in a myriad of ways. The main +objective of these definitions - and the Ouroboros model as a whole -- +is to separate __mechanism__ (the _what_) from __policy__ (the _how_) +so that we have a _consistent_ framework for _reasoning_ about +protocols and functionality in computer networks. + +### Under construction ... + + +[^1]: This identifier can be thought of as an address, the identified + node is a _forwarding element_. + +[^2]: A tree is a connected graph with N vertices and N-1 edges. + +[^3]: I've already explored how some technologies map to the Ouroboros + model in my blog post on + [unicast vs multicast](/blog/2021/04/02/how-does-ouroboros-do-anycast-and-multicast/). + +[^4]: Of course, once the model is properly understood and a + green-field scenario is considered, recursive networking is the + obvious choice, and so the Ouroboros prototype _is_ a recursive + network. + +[^5]: This is where Ouroboros is similar to IP, and differs from RINA. + RINA layers (DIFs) aim to provide reliability as part of the + service (flow). We found this approach in RINA to be severely + flawed, preventing RINA to be a _universal_ model for all + networking and IPC. RINA can be modeled as an Ouroboros network, + but Ouroboros cannot be modeled as a RINA network. I've written + about this in more detail about this in my blog post on + [Ouroboros vs RINA](/blog/2021/03/20/how-does-ouroboros-relate-to-rina-the-recursive-internetwork-architecture/). + +[^6]: Transient loops are loops that occur due to forwarding functions + momentarily having different views of the network graph, for + instance due to delays in disseminating information on + unavailable links. + +[^7]: Some may think that it's possible to build a network layer that + forwards packets in a way that _deliberately_ takes a couple of + loops between a set of nodes and then continues forwarding to + the destination, violating the definition of _FORWARDING_. It's + not possible, because based on the destination address alone, + there is no way to know whether that packet came from the loop + or not. _"But if I add a token/identifier/cookie to the packet + header"_ -- yes, that is possible, and it may _look like that + packet is traversing a loop_ in the network, but it doesn't + violate the definition. The question is: what is that + token/identifier/cookie naming? It can be only one of a couple + of things: a node, a link or a layer. Adding a token and the + associated logic to process it, will be equivalent to adding + nodes to the layer (modifying the node name space to include + that token) or adding another layer. In essence, the + implementation of the nodes on the loop will be doing something + like this: + + ``` + if logic_based_on_token: + # behave like node (token, X) + else if logic_based_on_token: + # behave like node (token, Y) + else # and so on + ``` + + When taking the transformation into account the resulting + layer(s) will follow the fundamental model as it is presented + above. Also observe that adding such tokens exponentially + increases the address space in the fundemental representation, + ensuring that such approaches inherently can't scale. + +[^8]: Some may think that it's possible to broadcast on a non-tree + graph by pruning in some way, shape or form. There are two + things to consider. First, if the pruning is done to eliminate + links in the graph, let's say in a way that STP prunes links on + an Ethernet or VLAN, then this is operation is equivalent + creating a new broadcast layer. We call this enrollment and + adjacency management. This will be explained in the next + sections. Second is adding the name of the (source) node plus a + token/identifier/cookie as a packet header in order to detect + packets that have traveled in a loop, and dropping them when + they do. This is pulling the wool over ones eyes in a similar + way as in [^6]. This solution can be transformed into a + fundamental broadcast layer by again considering the (token, + node name) space as the new name space and redrawing the graph, + in which the "cut off loops" will be arms in the tree. In the + same way as for unicast layers with loops, this will be an + exponential increase in the number of nodes in the representing + broadcast tree when compared to the starting graph, indicating + again that this kind of solution can not scale. |