English Abstract
Named Data Networking (NDN) is emerging as a future Internet architecture, representing a paradigm shift from host/location-centric to content-centric networking. In NDN, data retrieval is based on content names rather than data location, aligning with the concept of information-centric networking (ICN). To accelerate NDN deployment, it is crucial to establish a mechanism for advertising name-based prefixes across different domains. In IP-based routing, the Border Gateway Protocol (BGP) is the de facto inter-domain routing (IDR) protocol, and it plays a vital role in Internet communication by enabling different Internet domains to exchange routing information. In its current form, BGP can advertise and process IP-based prefixes, but it cannot advertise or process NDN name-based prefixes. Accordingly, the main objective of this thesis is to develop a comprehensive and practical solution for routing NDN traffic globally within BGP networks without disturbing or breaking current Internet operation. First, BGP must be extended to accommodate NDN so that NDN packets are routed seamlessly alongside IP packets without disrupting or compromising the existing functionality of the Internet. Therefore, an NDN extension for BGP, called N-BGP, is proposed; it is designed to enable the exchange of name-based routes within existing BGP networks. The proposed extension transforms traditional BGP speakers into hybrid ones, capable of efficiently understanding, advertising, receiving, processing, and storing both IP-based and name-based prefixes concurrently.
This is achieved by: 1) introducing an NDN capability in the optional parameter of BGP's OPEN message, 2) proposing a new update message, called the NDN-UPDATE message, for conveying NDN names for advertisement or withdrawal, 3) defining three logical Routing Information Base (RIB) tables to manage name prefixes and their associated routing information, 4) proposing a new NOTIFICATION error type termed "NDN-UPDATE Message Error", with new sub-errors, to inform hybrid speakers if any error has occurred while advertising NDN-UPDATE messages and to shut down the established connection, 5) incorporating a periodic threaded handler into N-BGP, the "advertisement handler," for processing received messages efficiently, and 6) integrating the N-BGP process with the Named Data Networking Forwarding Daemon (NFD) process to automate the writing of name prefixes from the N-BGP RIB table to the NDN Forwarding Information Base (FIB) table. N-BGP was validated and evaluated in a hybrid environment, and the results show that N-BGP can exchange and process both name-based and IP-based routes efficiently. The necessity of advertising millions of domain names in N-BGP can significantly impact several aspects, such as the frequency of NDN-UPDATE messages, the size of routing tables, and convergence time. Consequently, this heightened utilization of speaker resources can adversely affect CPU and memory consumption, posing challenges to the stability and scalability of N-BGP. In response to these challenges, a novel approach for global routing optimization is proposed.
This optimization strategy involves several key steps: 1) implementing a Peer Name Provider (PNP) system comprising both PNP Servers (PNPS) and PNP Clients (PNPC), 2) globally advertising the PNPS names and the delivery locations (DL), which are derived from Autonomous System Numbers, rather than producers' names, 3) utilizing NDN's Interest ForwardingHint element to convey the ASName corresponding to the delivery location of the requested data. The proposed scheme is then implemented and evaluated within the context of N-BGP using the Mininet emulator. The findings indicate that the proposed approach significantly boosts the scalability of N-BGP. This is evident in several key metrics: a reduction in exchanged message volume by a factor of 14.5, a 93-fold decrease in convergence time, a decrease in memory utilization by a factor of 2,500, and a drop in CPU utilization from 91% over approximately 228 seconds to 23% in less than 3 seconds when implementing N-BGP with the proposed scheme. One critical element supporting operation within the IDR system is address resolution. To address this need within the context of the NDN domain, we propose a novel two-element solution aimed at enhancing name-to-delivery-location resolution within NDN networks. This solution comprises: 1) a proposed data structure for the PNPS mapping table, termed the Enhanced Coding Hash Trie (ECHT) data structure, designed to optimize insertion, deletion, and lookup operations, and 2) a proposed PNP management protocol intended to automate the population and modification of the mapping table, thereby enhancing efficiency by simplifying processes and reducing human error during modifications to mapping table entries. The proposed solution is implemented and thoroughly tested on the PNPS mapping table, with its performance compared against two alternative algorithms: component and character tries.
The results reveal a significant enhancement in the operational speed of the mapping table when utilizing the proposed data structure. Specifically, the insertion process achieves rates of 335.96 Names/ms for ECHT, and 9.196 and 8.576 Names/ms for the component and character algorithms, respectively. To prevent unauthorized modifications to the PNPS mapping table by malicious producers, it is crucial to implement an authentication framework. Thus, we propose the NDN One-Time Authentication (NDNOTA) framework, designed to authenticate NDN online services, applications, and data in real time. NDNOTA consists of three core elements: the consumer, the producer, and the authentication server. By employing various security measures such as Single Sign-On (SSO), token credentials, certified asymmetric keys, and signed NDN packets, NDNOTA aims to bolster the security of NDN-based interactions. To gauge the efficacy of the proposed framework, we validate and evaluate its impact on the three core elements in terms of time performance. For example, when a consumer requests authenticated content through the entire NDNOTA process, there is an additional time overhead of 70 milliseconds compared to requesting normal content that doesn't require authentication. However, once the authentication token is generated and stored, this delay is amortized, resulting in a timeframe comparable to that of unauthenticated content requests.