Session-Based Mobility An End-to-End Approach Alex C. Snoeren MIT Laboratory for Computer Science (with Hari Balakrishnan, Frans Kaashoek, and Jon Salz)


Post on 12-Jan-2016


Page 1

Session-Based Mobility
An End-to-End Approach

Alex C. Snoeren

MIT Laboratory for Computer Science
(with Hari Balakrishnan, Frans Kaashoek, and Jon Salz)

Page 2

An Example: SSH Session

• Remote log in / port forwarding
   - Provides secure remote communication
   - Data compressed and encrypted as a stream

[Figure: client running ssh; server running SSHd, shell, elm, and Xapp]

Page 3

Today’s Network Abstraction

• System provides a connection service
   - Binds [<IP, port>, <IP, port>] tuple
• Any change invalidates the connection
• No support for periods of disconnectivity

[Figure: SSH Client over TCP/IP and SSH Server over TCP/IP, joined by the connection <18.31.0.139, 2345> <169.229.60.64, 22>]

Each application must perform ad-hoc recovery and disconnection management, or fail

Page 4

Mobile Networking Challenges

1. Changing end points
   - Change in node attachment point
   - Multi-homing (multiple network interfaces)
   - Readdressing: DHCP renewal, NAT crash, etc.

2. Internet “Suspend/Resume”
   - Wireless device goes out of range
   - Save device power or connectivity costs
   - Transient Internet connectivity outage

Complete solution needs to address both

Page 5

Current Approaches

• Only solve half the problem
   - Mobile IP, VIP, Physical Media Independence, …
   - MSOCKS, SLM, Application check-pointing, …
• Don’t support intelligent adaptation
   - Rocks, Mobile sockets, Mobile file systems, …
• Use application-specific point solutions
   - RTSP, SCTP, SIP multimedia calls, …
   - Web shopping carts, J2EE servlets, …
   - HTTP range requests, FTP restart points, …

Page 6

Reconsider System Abstraction

• Many applications create “sessions”
   - Long-lived: collections of connections
   - Entity of processing and resource allocation
• Can we provide a useful system abstraction?
   - Flexible enough for different users, applications
   - Efficient to implement, leverage shared resources
   - Easy to use, but backwards compatible

Session is the salient mobility entity

Page 7

1, 2, 3… Mobility

1. System Session Abstraction [SBK’01]
   - Collaborative management of end point changes
   - Support for unmodified legacy apps [SaSB’02]

2. Preserving Reliable Connections
   - TCP connection migration [SB’00]

3. Session Continuations [SSaBK’02]
   - Application-guided disconnection handling
   - System support for long-lived sessions [SAB’01]

Page 8

Goals: Minimally Invasive

• Overhead only on mobility events
• As secure as non-mobile situations
• Require no infrastructure support
   - Demonstrate pure end-to-end solution
   - Deployable via proxies if desired
• Enable intelligent session adaptation
   - Transparency is always an option

Page 9

Managing Changing End Points

• Applications handle discovery
   - Lots of ways to resolve to <IP, port> pair
• User specifies local network policy
   - Different users, different choices
• System manages tracking
   - Clear semantics, scalable, and efficient

Page 10

End-to-End Session Tracking

[Figure: Mobile Node (foo.bar.edu), Correspondent Node, and Discovery Service (e.g., Dynamic DNS). Labels: Discovery Query (e.g., DNS Lookup); Session Initiation to xxx.xxx.xxx.xxx; Discovery Update (e.g., DNS Update); Session Update <xxx.xxx.xxx.xxx, P> <yyy.yyy.yyy.yyy, Q>; mobile node addresses xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy]

Page 11

System Session Abstraction

• Set of network connections to remote end point
   - All involved in single collaborative activity
• Application identifies end points, initiates connections
• System manages tracking
   - Maintains semantics of reliable protocols
   - Exposes changes to apps that register interest

    /* Find remote end point */
    dhost = gethostbyname(dst);
    /* Validate remote end point */
    daddr = valid_address(dhost);

    /* Create a new session */
    sid = session_create(flags, …);

    /* Specify end points discovery */
    set_lookupfunc(sid, gethostbyname, dst, hostname);

    /* Create two connections */
    connect(a, daddr, …);
    add_connection(sid, a);
    connect(b, daddr, …);
    add_connection(sid, b);

    /* Register interest in changes */
    register_handler(sid, mobhandler);

Page 12

Robust Session Management

[Figure: two hosts, each with an App, a Session Layer, a Mobility Daemon, and a Policy Engine. Labels: session_create(), add_connection(); session states Connecting, Established, Lost, Migrating, Frozen, Not Supported; Diffie-Hellman Key Exchange; Challenge/Response Protocol; C, P]
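
An added example, not code from the talk or from the Migrate implementation: one way a correspondent node could accept an end-point update only from the peer that set up the session, using a key from a Diffie-Hellman exchange at session setup and a challenge/response at migration time. The group parameters, the message layout, and all function and class names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, constructed for this example (assumption):
# a real deployment would use a vetted group or X25519.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub, sid):
    """Derive the per-session key both ends hold after session setup."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(sid + shared.to_bytes(32, "big")).digest()

def respond(key, sid, nonce, endpoint):
    """Mobile node's answer: MAC over session id, fresh nonce, new end point."""
    msg = sid + nonce + f"{endpoint[0]}:{endpoint[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Correspondent:
    """Fixed side: remembers the peer's current end point for one session."""
    def __init__(self, sid, key, endpoint):
        self.sid, self.key, self.endpoint = sid, key, endpoint
        self.state, self.pending = "Established", None

    def challenge(self, claimed_endpoint):
        """A session update arrived from a new address: issue a fresh nonce."""
        self.pending = (secrets.token_bytes(16), claimed_endpoint)
        self.state = "Migrating"
        return self.pending[0]

    def verify(self, response):
        """Rebind only if the response proves knowledge of the session key."""
        if self.pending is None:
            return False
        nonce, claimed = self.pending
        self.pending, self.state = None, "Established"   # nonce is single use
        expected = respond(self.key, self.sid, nonce, claimed)
        if not hmac.compare_digest(response, expected):
            return False                                  # end point unchanged
        self.endpoint = claimed
        return True
```

Because the Diffie-Hellman exchange here is unauthenticated, it stops parties that cannot modify the session setup messages; an on-path attacker present at setup could substitute its own public value.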

Page 13

Dynamic Library Interposition

• Intercept POSIX API
   - Wrap each connection in its own session

[Figure: layers Legacy Application, libmigrate, libc, Kernel, with the Migrate Daemon alongside. Labels: connect(…) and fd between the application and libmigrate; Session Establishment with the Migrate Daemon (sid = session_create(); add_connection(sid, …);) returning a Session Handle; connect(…) and fd between libmigrate and libc; syscall(connect,…) and fd between libc and the Kernel]

Page 14

PART 1

• Problem: Track changing end points

• Solution: System session abstraction

PART 2

• Problem: Preserve reliable connections

• Solution: TCP Migrate Options

PART 3

• Problem: Internet “Suspend/Resume”

• Solution: Session continuations

Page 15

Connection Preservation

• Provide stable view of dynamic kernel socket
• But what about reliable connections?
   - User level: Double buffer, session layer re-sync
   - Full access: Extend transport protocol

[Figure: two hosts, each with App, Session Layer, and Kernel]

Page 16

Transmission Control Protocol

• The reliable protocol
   - 91% of all bytes, 83% of all packets [CAIDA ’00]
   - SSH, FTP, HTTPS, telnet, IMAP, SMTP, etc.
• SYN/ACK handshake
   - Negotiates options, sequence space
• Reliable transport
   - In-order delivery
   - Retransmits lost data

[Figure: packet exchange. Packet labels: SYN 0; SYN 0 / ACK 1; ACK 1; DATA 1; ACK 2; DATA 2; DATA 2; ACK 3]

Page 17

TCP Connection Migration

• Resume previous connection with new one
   - Provide special Migrate TCP option
   - Sent on SYN packets of new connection
• Preserve buffers and sequence space
   - Retransmission engine just works
   - Compatible with SACK, FACK, Snoop…

• Entirely backwards compatible

Page 18

TCP Connection Migration

1. Initial SYN
2. SYN/ACK
3. ACK (with data)
4. Normal data transfer
5. Migrate SYN
6. Migrate SYN/ACK
7. ACK (with data)

[Figure: packet exchange between the mobile and fixed hosts, keyed to the steps above:
   1. SYN 0 (MigrateOK, …)
   2. SYN 0 / ACK 1 (MigrateOK, …)
   3. ACK 1
   4. DATA 22 ACK 47; DATA 47 ACK 23
   5. SYN 22 (Migrate T, …)
   6. SYN 46 / ACK 23
   7. ACK 48]

Page 19

TCP State Machine Changes

• 2 new transitions between existing states
- and -
• 1 new state
   - handles pathological race condition

[Figure: TCP state diagram with the added MIGRATE_WAIT state. Transition labels: "recv: SYN (migrate T, R) / send: SYN, ACK" (shown twice); "appl: migrate / send: SYN (migrate T, R)"; "recv: RST"; "2MSL timeout"]

Page 20

Migration Trace

[Figure: packet trace. Annotations: SYN/ACK; Buffered Packets (old address); Migrate SYN]

Page 21

A Lossy Trace with SACK

[Figure: packet trace. Annotations: SYN/ACK; Migrate SYN; Buffered Packets (old address); ACK w/ SACK]

Page 22

PART 1

• Problem: Track changing end points

• Solution: System session abstraction

PART 2

• Problem: Preserve reliable connections

• Solution: TCP Migrate Options

PART 3

• Problem: Internet “Suspend/Resume”

• Solution: Session continuations

Page 23

Internet Suspend/Resume

• Intelligent disconnection handling
   - Buffer otherwise lost communications
   - Emulate remote services locally
   - Release resources while disconnected
• Graceful resumption handling
   - Reallocate resources and restore state
   - Adapt to new network conditions
   - Indicate how to resume processing

Page 24

Motivating Continuations

• Observation: complete context inappropriate
   - Some previous state irrelevant, or, even worse,
   - Invalidated due to change in conditions (C.f. TCP Connection state)
• Similar problem in programming languages
   - Block when state and context is complex
   - Pass continuation if state and context is small

• Continuations can request blocking behavior

Page 25

Using Continuations

• Expand session notion
   - Align with application
   - Annotate state, resources, associated computation
   - Include system state
• Provide synchronization and preservation assistance
   - Shared attribute/value store
   - Persist local system IPC, file descriptors
• System invokes continuation at session resumption
   - Generated in response to disconnection notification

[Figure: App and SL at User level, above the Kernel]

Page 26

Conserving Session Resources

[Figure: SSHd and emacs above the Kernel, which holds Socket Buffers, Network Ports, and Open Files]

Resources dedicated to active session >> Resources dedicated to suspended session

Release system resources as well

Continuation generation is recursive!

Page 27

SSH Continuation

• Don’t suspend until it’s convenient
   - Process pending data, deliver to app or network
• Only a minimum of state to preserve
   - Auth, crypto, and compression state
   - Preserve IPC to child processes
• Notify child processes of disconnection
   - Tunneled apps share connectivity fate

Added ~250 LOC in an afternoon
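
An added example, not code from the talk or from the modified SSH daemon: why compression state belongs in the continuation when data is compressed as a stream. StreamSession, suspend, resume and the sample requests are hypothetical names and constructed inputs, and zlib stands in for SSH's compressor.

```python
import zlib

class StreamSession:
    """Sender side of a stream-compressed session (hypothetical model)."""
    def __init__(self, send):
        self.send = send                  # callable bound to the live connection
        self.comp = zlib.compressobj()    # one compressor for the whole stream
        self.pending = []                 # data accepted but not yet sent

    def write(self, data):
        self.pending.append(data)

    def flush(self):
        for data in self.pending:
            self.send(self.comp.compress(data) + self.comp.flush(zlib.Z_SYNC_FLUSH))
        self.pending.clear()

    def suspend(self):
        """Drain pending data, then return a continuation with minimal state."""
        self.flush()                      # do not suspend with data in flight
        comp = self.comp                  # the only state carried across
        self.send = self.comp = None      # release connection-bound resources
        def resume(new_send):
            session = StreamSession(new_send)
            session.comp = comp           # continue the same compressed stream
            return session
        return resume

def demo():
    old_wire, new_wire = [], []           # constructed stand-ins for two connections
    receiver = zlib.decompressobj()       # peer keeps its matching stream state
    session = StreamSession(old_wire.append)
    session.write(b"GET /inbox\n")
    resume = session.suspend()            # disconnection notification arrives
    session = resume(new_wire.append)     # reconnected from a new end point
    session.write(b"GET /inbox/42\n")
    session.flush()
    first = b"".join(receiver.decompress(m) for m in old_wire)
    second = b"".join(receiver.decompress(m) for m in new_wire)
    try:                                  # a peer that discarded its state
        zlib.decompressobj().decompress(new_wire[0])
        fresh_ok = True
    except zlib.error:
        fresh_ok = False
    return first, second, fresh_ok
```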

Page 28

Continuation Efficiency

Anecdotal evidence of size and speed

[Figure: two bar charts for SSHd and FTPd. Axes: Memory Usage (KB), 0 to 2000; Restart Latency (msec), 0 to 300. Legend entries: System Resources, Shared Pages, Non-Shared Pages, Startup Latency, Session Overhead. Bar labels: Session, Continuation]

Page 29

Continuation Solution Spectrum

• Fast TCP handoff
   - One RTT
• Normal movement
   - Four RTTs + re-sync
• Suspend/Resume
   - Complete flexibility

[Figure: message sequence. Labels: Control Channel SYN; Control Channel SYN/ACK; Request; Challenge; Response; Continuation Info; Data SYN; Data SYN/ACK; Resumed connection]

Page 30

Conclusion & Future Directions

• Sessions are viable system abstractions
   - Useful, flexible, and easy to use
   - Admit robust, efficient implementation
• Continuations enable “suspend/resume”
• Useful for mobility across hosts?
   - Continuations eliminate dependencies
   - An area for future exploration…