This site is an information source on research towards the separation of domain wide routing from edge traversal routing and switching. We argue that switched edge allows to rebalance the interests of the sender and the receiver by introducing an explicit trust model to Internet communications. In Domain wide routing a particular contribution is routed Ethernet domain technologies. We have also started work on SCION for the wide area. Edge Traversal is seen as a switching and an on-demand routing task. The key requirement for edge traversal is enhancing trust between the communicating networks, hosts and users. In addition, scalability and reliability are important. Smooth migration of legacy applications onto the new environment is seen as a definite requirement that needs to be met. A key constraint is deployment one network at a time.
For edge traversal we propose a new technology we call Customer Edge Switching (CES). CES devices are proposed as replacements of Network Address Translators (NAT) and new types of Firewalls. A CES node is a cooperative firewall in the sense that prior to the final drop/admit decision it can issue queries to the firewall of the remote edge as well as to other servers. It can also push attacker restraining requests to the remote firewall. For legacy IP interworking, a CES device can have a Realm Gateway (RGW) that allows legacy IP senders to send packets to a host in a private realm. Naturally, the RGW can act as a regular NAT device when a private host communicates with a server in a globally unique address.
CES proposes to use IP and or other addresses as routing locators, and domain names for identification. Communications uses private addresses of hosts, globally unique addresses for core routing and for those servers that need them, globally unique names and Identifiers of different types for trust establishment. I.e. CES implements an ID/locator split architecture.
RE2EE is a future Internet architecture that separates end to end communication from packet forwarding in the core network. For packet forwarding different technologies such as IPv4, IPv6, IP/MPLS, variants of Ethernet or SCION can be used. The architecture separates customer networks from the core. Routing in customer networks or traversal of the customer edge has no impact on routing in the core network because packets are tunnelled over the core. The edge traversal in CES does not require any polling. Reachability of a host in a private address space served by CES is fully controlled by policy. This is particularly beneficial to wireless battery powered devices as well as wireless access. Another benefit of CES is that eliminating source address spoofing and curbing DDoS become the responsibility of the receiver’s edge policy which aligns the costs and benefits in these network functions.
Tunneling based edge naturally ties with ID/locator split and establishing a chain of trust host to edge to edge to host. Besides defensive means for security and trust, we propose to create a proactive system of trust management for the global Internet. The objective of Internet wide trust management is to make unwanted traffic sending non-viable as a business.
While the end result is a clean slate architecture in terms of the mindset, we explore and publish solutions that make it possible to smoothly deploy re2ee and the trust solutions in a step-wise manner: one network at a time. For policy sourcing and management we propose automated tools.
All comments are welcome! Preferably by electronic mail (Subject: Re2ee-comment) to raimo dot kantola at aalto dot fi.