Ouroboros: Difference between revisions

From Ouroboros
Jump to navigation Jump to search
Line 12: Line 12:


= Objectives =
= Objectives =
== Robust and configuration ==


Internet is resilient against attacks on infrastructure (hardware), but vulnerable to attacks from within on configuration.
Internet is resilient against attacks on infrastructure (hardware), but vulnerable to attacks from within on configuration.
Network and service configuration over TCP/IP:


== Robust configuration ==
* A lot
* Manual
* Everywhere
* Brittle: A small error can bring down everything
* Not portable


Microservice configuration requires a lot of manual configuration, for each individual component.
O7s aims for:


* networking capability checks (SSL, IPv6, ...)
'''Single point of configuration''': Instead of having network configuration per application, single network configuration file per system.
* configuration, usually in different formats
* firewall configuration for each service


This configuration is not very portable.
'''Single point of contact''': Flow allocator - authentication/security before first application byte


'''Single point of configuration''': Instead of having network configuration per application, single network configuration file per system taking care of
* authentication and security algorithms
* no firewalls needed
'''Single point of contact''': Flow allocator - authentication/security before first application byte


== Prevent ossification ==
== Prevent ossification ==

Revision as of 10:37, 29 October 2023

Under contruction This page is under construction  

Summary

Ouroboros is a prototype packet-switched network. It is based on a redesign of the current packet networking model – from the programming API almost to the wire. If we had to describe Ouroboros in a single sentence, it would be micro-services architecture applied to the network itself.

From an application perspective, an Ouroboros network is a “black box” with a simple application programming interface to request communication services. Ouroboros can provision a unicast flow - a (bidirectional) channel that delivers messages or a byte-stream with some requested operational parameters such as maximum delay and bandwidth, protection against packet loss and authentication of peers and encryption of in-flight data; or it provides a broadcast flow to a set of joined programs.

From an administrative perspective, an Ouroboros network is a bunch of daemons that can be thought of as software routers (unicast) or software hubs (broadcast) that can be connected to each other; again through a simple management API.

While the prototype is not directly compatible with TCP/IP or POSIX sockets, it has interfaces and tools to run over Ethernet or UDP, or to create IP/Ethernet tunnels over Ouroboros by exposing tap or tun devices.

Objectives

Robust and configuration

Internet is resilient against attacks on infrastructure (hardware), but vulnerable to attacks from within on configuration. Network and service configuration over TCP/IP:

  • A lot
  • Manual
  • Everywhere
  • Brittle: A small error can bring down everything
  • Not portable

O7s aims for:

Single point of configuration: Instead of having network configuration per application, single network configuration file per system.

Single point of contact: Flow allocator - authentication/security before first application byte


Prevent ossification

HTTP has taken over the role of 'narrow waist' anymore from IP, reverse proxy has become the service endpoint. The protocol stack up to TCP/UDP port 443 is becoming more and more ossified.

Fast Bootstrap

Retrieved from "https://ouroboros.rocks/mediawiki/index.php?title=Ouroboros&oldid=1053"