Yingdi Yu | f93e6ba | 2014-08-15 10:20:16 -0700 | [diff] [blame^] | 1 | =============== |
| 2 | Design Document |
| 3 | =============== |
| 4 | |
| 5 | Terminology |
| 6 | =========== |
| 7 | |
| 8 | User |
| 9 | an user which participates in the synchronization. |
| 10 | An user is uniquely identified by a namespace, e.g., ``/ndn/ucla/alice``. |
| 11 | |
| 12 | Session |
| 13 | an instance of a user in the synchronization group. |
| 14 | A session is uniquely identified by the namespace of the user and a sessionId: |
| 15 | |
| 16 | /<user_namespace>/[SessionId] |
| 17 | |
| 18 | The sessionId is encoded as `NDN-TLV nonNegativeInteger |
| 19 | <http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding>`_. |
| 20 | A user can publish the data packets to synchronize under the session namespace. |
| 21 | |
| 22 | A user may have more than one sessions in a synchronization group. |
| 23 | For example, one may join the synchronization through two sessions, |
| 24 | one from his mobile phone and the other from his laptop. |
| 25 | Each session is handled independently, even when two sessions belong to the same user. |
| 26 | |
| 27 | Entity |
| 28 | the process who runs a session. |
| 29 | It could be a chatroom process running on end host machine. |
| 30 | |
| 31 | Sequence Number |
| 32 | Data packets published in the same session are indexed by continuous sequence numbers starting |
| 33 | from 0. |
| 34 | |
| 35 | /<user_namespace>/[SessionId]/[SeqNo] |
| 36 | |
| 37 | The sequence number is encoded as `NDN-TLV nonNegativeInteger |
| 38 | <http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding>`_. |
| 39 | The latest status of a session is represented by its largest sequence number. |
| 40 | |
| 41 | Synchronization Group |
| 42 | consists of several sessions which synchronize their latest status with each other. |
| 43 | A sync group has its own namespace under which sessions publish their status updates. |
| 44 | The namespace is constructed by concatenating a multicast prefix and the group name |
| 45 | (as one component). |
| 46 | For now, the multicast prefix is temporarily defined as |
| 47 | |
| 48 | /ndn/broadcast/[AppName] |
| 49 | |
| 50 | e.g., ``/ndn/broadcast/ChronoChat``. |
| 51 | And a sync group name is defined as |
| 52 | |
| 53 | /ndn/broadcast/[AppName]/[GroupName] |
| 54 | |
| 55 | e.g., ``/ndn/broadcast/ChronoChat/letschat``. |
| 56 | It is recommended to make group name unique. |
| 57 | When two sync groups accidentally use the same group name, |
| 58 | they may interfere each other's synchronization process. |
| 59 | Eventually, this problem should not exist when sync-interests can be authenticated. |
| 60 | |
| 61 | Data Structure |
| 62 | ============== |
| 63 | |
| 64 | Sync Tree |
| 65 | a data structure which represents the knowledge of the sync group. |
| 66 | |
| 67 | A sync tree has two levels: root and leaves. |
| 68 | Each leaf represents a session and is supposed to contain the latest sequence number of the session. |
| 69 | Leaves are ordered according to `Canonical Order |
| 70 | <http://named-data.net/doc/ndn-tlv/name.html#canonical-order>`_). |
| 71 | |
| 72 | The sync tree is summarized by a root digest. |
| 73 | Suppose that *n* leaves are canonically ordered and |
| 74 | that the session name and sequence number of the *i*-th node is denoted by *N*\ :sub:`i`\ and |
| 75 | *S*\ :sub:`i`\, the root digest is calculated as: |
| 76 | |
| 77 | digest = H(H(N\ :sub:`0`\ | S\ :sub:`0`\ ) | H(N\ :sub:`1`\ | S\ :sub:`1`\ ) | ... | H(N\ :sub:`n-1`\ | S\ :sub:`n-1`\ )) |
| 78 | |
| 79 | Entities synchronize the their knowledge about the sync group in terms of exchanging the root digest |
| 80 | of their sync tree. |
| 81 | |
| 82 | Security Assumption |
| 83 | =================== |
| 84 | |
| 85 | We first assume that routing prevents malicious attacker from the multicast group, |
| 86 | i.e., malicious attackers cannot receive sync-interests. |
| 87 | |
| 88 | Trust model is left to the upper layer applications. |
| 89 | |
| 90 | Knowledge Synchronization |
| 91 | ========================= |
| 92 | |
| 93 | Normal Case |
| 94 | ----------- |
| 95 | |
| 96 | An entity keeps an outstanding **sync-interest** which carries the current root digest of its sync |
| 97 | tree: |
| 98 | |
| 99 | /ndn/broadcast/[AppName]/[GroupName]/[Digest] |
| 100 | |
| 101 | With SHA-256 hash function, the digest is a 32-byte name component. |
| 102 | When the tree is empty, the digest is |
| 103 | ``e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855``, |
| 104 | which is a digest with empty input. |
| 105 | |
| 106 | The sync-interest will multicast to all entities in the sync group. |
| 107 | When every entity has the same knowledge, the root digest of their sync trees should be the same. |
| 108 | The sync-interests will be aggregated in the network, and their forwarding states in routers |
| 109 | constitute a multicast tree. |
| 110 | |
| 111 | Once an entity changes its status (i.e., sequence number is updated), it should generate a data |
| 112 | packet, called **sync-reply**, which contains its session name and the latest sequence number. |
| 113 | The sync-reply will be forwarded back to all the entities. |
| 114 | These entities will update their knowledge set and the root digest of their sync trees, |
| 115 | and express a sync-interest with the new root digest. |
| 116 | |
| 117 | The name of a sync-reply extends the sync-interest name by one name component ``Nonce``. |
| 118 | In case that the actual size of a sync-reply exceeds the network layer packet size limit, |
| 119 | a sync-reply needs to be broken into multiple segments. |
| 120 | Any pair of {prefix, seqNo} should not be splited into two segments. |
| 121 | Therefore, the sync-reply name could be: |
| 122 | |
| 123 | /<sync-interest>/[Nonce]/[SegmentNo] |
| 124 | |
| 125 | ``SegmentNo`` follows the definition specified in `NDN naming convention |
| 126 | <http://named-data.net/wp-content/uploads/2014/08/ndn-tr-22-ndn-memo-naming-conventions.pdf>`__. |
| 127 | |
| 128 | |
| 129 | |
| 130 | Recovery |
| 131 | -------- |
| 132 | |
| 133 | An entity may receive a sync-interest with a digest that is different from the entity's current |
| 134 | root digest. |
| 135 | The received digest could fall into either of two cases: old digest or unknown digest. |
| 136 | |
| 137 | To tell whether the received digest is an old one, |
| 138 | each entity should keep a log about how its root digest changes over time. |
| 139 | If the received digest can be found from the log, it must be the old digest. |
| 140 | With the log, the receiving entity can tell which sessions have changed the states since the state |
| 141 | represented by the old digest, therefore it can put the latest sequence number of these sessions |
| 142 | into sync-reply. |
| 143 | Therefore the size of sync-reply is roughly determined by the number of sessions in a sync group. |
| 144 | |
| 145 | Unrecognized digest will happen when both sender and receiver of the sync-interest have some state |
| 146 | updates that the other side does not have |
| 147 | (e.g., two sessions generate state updates at the same time; |
| 148 | or an entity has not received some state updates yet). |
| 149 | When receiving an unrecognized digest, an entity should set a delay response timer |
| 150 | (0, *T*\ :sub:`delay_response`\ ] ms |
| 151 | (**What is the value of** *T*\ :sub:`delay_response`\ **? 200?**). |
| 152 | If the missing state updates are received during this time and updated root digest matches the |
| 153 | pending incoming interest, the delay response timer will be canceled. |
| 154 | If no missing state update is received during this time, |
| 155 | the entity should try to help the sync-interest sender to recover the knowledge set by returning |
| 156 | its complete knowledge set (or ignore the interest if its knowledge set is empty). |
| 157 | |
| 158 | |
| 159 | Simultaneous Update |
| 160 | ------------------- |
| 161 | |
| 162 | In some cases, two sessions may generate updates at the same time. |
| 163 | Some entities in the sync group may receive the update from one session, |
| 164 | while the rest entities may receive the update from the other session. |
| 165 | As a result, entities in the same sync group have different knowledge sets. |
| 166 | This case is equivalent to the unknown digest discussed above |
| 167 | and can be recovered with a complete knowledge set. |
| 168 | Note that ``Exclude`` selector is not used in this case. |
| 169 | |
| 170 | Reset Sync Group |
| 171 | ---------------- |
| 172 | |
| 173 | Sync group needs to be reset periodically in order to clean up inactive sessions. |
| 174 | All active sessions should join the sync group again after resetting. |
| 175 | |
| 176 | Reset signal is expressed as a **reset-interest**. |
| 177 | |
| 178 | /ndn/broadcast/[AppName]/[GroupName]/reset |
| 179 | |
| 180 | Reset-interest is expected to time out. Reset-interest should be sent out in two cases: |
| 181 | |
| 182 | 1. When a new session joins the sync group, the entity running the new session should |
| 183 | send out a reset-interest. |
| 184 | 2. Each entity, once receiving a reset-interest, should restart a timer |
| 185 | (*T*\ :sub:`reset`\ , *T*\ :sub:`reset`\ + *T*\ :sub:`random`\] seconds |
| 186 | (**What is the value of** *T*\ :sub:`reset`\ **? 600?** |
| 187 | **What is the value of** *T*\ :sub:`random`\ **? 60?**), |
| 188 | the entity should send out a reset-interest when the timer expires. |
| 189 | |
| 190 | Reset-interest will multicast to all entities in the sync group. |
| 191 | Once receiving a reset interest, an entity should |
| 192 | |
| 193 | 1. reset its own sync tree but still keep using its latest sequence number; |
| 194 | 2. express a sync-interest ``/ndn/broadcast/[AppName]/[GroupName]/[EmptyInputDigest]`` (``mustBeFresh`` =true); |
| 195 | 3. start a delay response timer (0, *T*\ :sub:`delay_response`\ ] ms. |
| 196 | |
| 197 | When the a state update is received before the timer expires, |
| 198 | the entity should update its sync tree and express a sync-interest with the new root digest. |
| 199 | The entity should reset the delay response timer until it makes the first sync-reply which contains |
| 200 | its own sequence number. |
| 201 | |
| 202 | The ``InterestLifetime`` of reset-interest is set to 10 seconds. |
| 203 | If the interval between two reset-interests is less than 10 seconds, they will be aggregated. |
| 204 | Otherwise, the latest reset-interest will suppress the previous reset-interest. |
| 205 | |
| 206 | Sync Reply Format |
| 207 | ================= |
| 208 | |
| 209 | The content of sync reply is defined as a TLV block. |
| 210 | :: |
| 211 | |
| 212 | SyncReply ::= SYNC-REPLY-TYPE TLV-LENGTH |
| 213 | StateLeaf+ |
| 214 | |
| 215 | StateLeaf ::= STATE-LEAF-TYPE TLV-LENGTH |
| 216 | Name |
| 217 | Seq |
| 218 | |
| 219 | Seq ::= SEQ-TYPE TLV-LENGTH |
| 220 | nonNegativeInteger |
| 221 | |
| 222 | |
| 223 | Type Code Assignment |
| 224 | -------------------- |
| 225 | |
| 226 | +------------------+----------------+----------------------+ |
| 227 | | Type | Assigned code | Assigned code (hex) | |
| 228 | +==================+================+======================+ |
| 229 | | SYNC-REPLY-TYPE | 128 | 0x80 | |
| 230 | +------------------+----------------+----------------------+ |
| 231 | | STATE-LEAF-TYPE | 129 | 0x81 | |
| 232 | +------------------+----------------+----------------------+ |
| 233 | | SEQ-TYPE | 130 | 0x82 | |
| 234 | +------------------+----------------+----------------------+ |