ICN Research Group R. Ravindran Internet-Draft A. Chakraborti Intended status: Informational A. Azgin Expires: September 22, 2016 Huawei Technologies March 21, 2016 Forwarding-Label support in CCN Protocol draft-ravi-ccn-forwarding-label-02 Abstract The objective of this proposal is to enable ID and Locator namespace split in the CCN protocol that has several applications such as towards Interest routing optimization, mobility, handling indirections in manifests, and routing scalability. We enable this through the notion of forwarding-label (FL) object, which is an optional hop-by-hop payload in the Interest message with a locator name which identifies a network domain, router, or a host. Depending on the application and trust context, an FL object can be subjected to policy based actions by the forwarders such as invoking security verification or enabling other service-centric actions such as FL object replacement. FL object can be inserted by the applications or by the network. To enable dynamic name resolution FL objects can also be modified in the network by designated points such as the edge routers. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 22, 2016. Ravindran, et al. Expires September 22, 2016 [Page 1] Internet-Draft Forwarding-label support in CCN March 2016 Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. ID-Locator Namespace Split in CCN . . . . . . . . . . . . . . 2 2. Forwarding-Label Object Proposal . . . . . . . . . . . . . . 4 2.1. FL Object Naming . . . . . . . . . . . . . . . . . . . . 4 2.2. FL Object Insertion . . . . . . . . . . . . . . . . . . . 4 2.3. FL Object Swapping . . . . . . . . . . . . . . . . . . . 5 2.4. FL Object Termination . . . . . . . . . . . . . . . . . . 5 3. FL Object Message Format . . . . . . . . . . . . . . . . . . 6 4. FL Object Processing Rules . . . . . . . . . . . . . . . . . 7 5. PIT Processing Implications . . . . . . . . . . . . . . . . . 8 6. Caching Implications . . . . . . . . . . . . . . . . . . . . 9 7. Multiple Domain Scenario . . . . . . . . . . . . . . . . . . 9 8. FL Object Security . . . . . . . . . . . . . . . . . . . . . 9 9. Use Case Scenarios . . . . . . . . . . . . . . . . . . . . . 10 9.1. Handling Producer Mobility . . . . . . . . . . . . . . . 10 9.2. Manifests . . . . . . . . . . . . . . . . . . . . . . . . 11 9.3. Interest Routing Optimization . . . . . . . . . . . . . . 14 9.4. Routing Scalability . . . . . . . . . . . . . . . . . . . 14 10. Informative References . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 1. ID-Locator Namespace Split in CCN In the context of ICN/CCN, we define identifier and locator as follows: o Identifier (ID) is a persistent secure or non-secure flat-ID or a hierarchical name assigned to a content, device or service. If the ID is secure, then trust relationship can be derived from it. Generally the identifier space is managed by applications. Ravindran, et al. Expires September 22, 2016 [Page 2] Internet-Draft Forwarding-label support in CCN March 2016 o Locator (LID) is a routeable topological name assigned to a network entity such as a router, a server, or an end device. Generally the locator space is managed and assigned by the network administrators. We discuss here the motivations behind the need for separation between persistent name (ID) and a locator (LID) in the Interest message in the context of CCN and a proposal to achieve this. The advantages of ID/Locator have been extensively studied and it has been part of many host-centric protocols such as HIP[2], ILNP [3], and LISP [4] and is also part of FIA architectures such as MobilityFirst[16]. Specifically in CCN, ID based routing is not efficient considering the need to dynamically replicate content and handle mobile entities, and the problem to address routing scalability [11]. Hence providing this distinct ID-LID separation in the protocol offers the following advantages: o Today CCN applications bind to persistent IDs, while their resolution is handled through per-hop name-based routing by a CCN forwarder using unicast/anycast/broadcast mechanisms, with routing scalability handled through its namespace aggregation. This model can introduce problems when the named entity is mobile, migrated, or replicated, as the names have to be announced in the routing control plane which can in turn introduce routing instability and scalability challenges (as the name aggregation to topological binding cannot be satisfied anymore). Enabling ID/Locator split and managing this mapping in a separate name resolution service shall address the routing churn introduced by dynamic entities. CCN is unique in the sense that both name-based routing and resolution service can operate simultaneously driven by their use based on a given context. For e.g. while inter-domain routing can be handled using a name resolution service, intra-domain routing can be based on name-based routing. o ID and Locator namespaces are managed by different entities. IDs are managed by applications, hence relevant only to consumers, producers and intermediate service points, while locator names are managed by a network administrator. Locators map to network domains or specific network elements through which the named entity is reachable. The relationship between the two is established during the namespace publishing phase, and managed by a separate name resolution service. ID/Locator distinction in CCN allows applications to manage its own namespace and not be restricted by the naming rules imposed by the network. o Affording ID/Locator split in an Interest message offers many advantages in CCN especially when a centralized control is applied such as using NFV/SDN frameworks, enabling efficiency and Ravindran, et al. Expires September 22, 2016 [Page 3] Internet-Draft Forwarding-label support in CCN March 2016 flexibility in name resolution, routing, mobility, service chaining, and routing scalability. Considering the above requirements, we propose a Forwarding-label (FL) object, which acts as a locator and provides the flexibility to forward Interests on a name other than the one provided within the original Interest message with the ability to modify it within the network. Handling ID/Locator mapping requires a control plane infrastructure and appropriate network layer state with security functions to prevent malicious usage. Specific control plane or security mechanism of ID/Locator mapping is out of the scope of this document as many techniques can be used towards achieving this. This draft presents various considerations towards FL object management such as: FL object insertion/modification/deletion, FL object processing by a CCN forwarder, PIT/CS implications for FL object carrying Interests, FL object Interest packet format, and security/ trust considerations. We then discuss the application of FL object in various scenarios. 2. Forwarding-Label Object Proposal The use of FL is required when routing by ID is inefficient in scenarios such as replicated content, device mobility, or scalability challenges when ID based routing is employed. FL objects are subjected to processing and modification in the network depending on the specific use case scenario. Following we discuss various aspects of FL related to its semantics and management. 2.1. FL Object Naming FL objects are container objects that include LID, service specific metadata, and security attributes for authentication. LIDs are hierarchically structured topologically names where the names follow the definition in [1]. The security attributes are optional and may include validation payload and algorithm as discussed in [1]. 2.2. FL Object Insertion An FL object can be inserted in an Interest message by the consuming application or by the network. In certain situations, the application logic may use an FL object in addition to the ID in the Interest message or this action may also be triggered because of feedback from the network, for instance due to failure of routing the Interest message based on the ID. In such situations, forwarders which process traffic from applications outside the trust domain require a way to validate the FL object. A possible approach to ensure trust in such situations is discussed in Ravindran, et al. Expires September 22, 2016 [Page 4] Internet-Draft Forwarding-label support in CCN March 2016 [11] where a trust binding is provided between the ID and the LID as a link object which can be validated by the forwarder. To avoid the possibility of a misuse of an FL object, a default policy of the network may be to ignore it from untrusted applications and only choose to route by the content ID. In the case where the FL object is inserted by the network, FL object insertion is triggered at the ingress service routers of the network domain. For instance, network may insert an FL object to an incoming Interest message, if the Interest message satisfies the flow service profiles that are imposed by the network administrator at the ingress edge routers. The service profile matching actions may include matching an Interest name to a set of service prefixes or triggered by certain markings such as context-ID (for e.g. contexts may include service, trust, location) in the Interest message. FL objects inserted within the trust domain may not require security validation. In situations where a forwarder handles both of these scenarios, policies can be applied at the ingress router to handle the two cases accordingly. These policies may include the face on which the Interests arrives on, or the Interest IDs etc. 2.3. FL Object Swapping An FL object can be swapped by another within the network in the context of a given service at designated points, such as the service edge routers, in the network. As an FL object carries a LID, and with appropriate representation and security considerations in the Interest message, FL objects also can be potentially stacked if the Interest message has to be tunneled through a domain, where routing based on the top level FL object is not feasible. 2.4. FL Object Termination FL objects are terminated by a forwarder when the LID in it matches its own LID. Here we assume a forwarder to possibly have many LIDs such as domain-IDs or router-IDs. For e.g. a forwarder (in a domain) identified as /att/santaclara can process an FL object with its LID set to this router's domain name or to a forwarder ID such as /att/santaclara/pop-x. Whenever an FL object is terminated by the forwarder, depending on the service context, it can attach a new FL object, or conduct additional processing (e.g. re-resolution of the name to a new FL object) based on the Interest parameters. The FL object can also include optional policy metadata based on which FL objects can be swapped in the network. Ravindran, et al. Expires September 22, 2016 [Page 5] Internet-Draft Forwarding-label support in CCN March 2016 3. FL Object Message Format As FL objects are swappable in the network, it is proposed as a hop- by-hop field in the optional body of the fixed header as shown in Figure 1. The optional FL container includes attribute of type FL- Object, which contains a name TLV identifying the LID (Figure 2). LID is a hierarchically structured variable length name as defined in [1]. A LID implies a locator such as an AS-ID, Gateway-ID, Router-ID or Host-ID. In addition to the LID, optional FL metadata includes contextual information on the application or the service to aid the network for invoking an appropriate FL processing, such as trust validation of the FL object. Optional security attributes, such as authentication information, can be included depending on the specific use case scenarios, such as secure name delegation information as discussed in [11], or signature of the consumer. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CCN Fixed Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = FL-Object | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LID TLV | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Optional FL Object Metadata / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Optional FL Object Security Attributes / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Interest Message Body / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Interest message with hop-by-hop Optional Forwarding-Label TLV Ravindran, et al. Expires September 22, 2016 [Page 6] Internet-Draft Forwarding-label support in CCN March 2016 +----------------------+------------------+-----------------+ | Forwarding-Label | Meaning | Value | +----------------------+------------------+-----------------+ | LID TLV | Identifies an | Name TLV | | | AS-ID/Gateway-ID/| | | | Host-ID | | +----------------------+------------------+-----------------+ Figure 2: Locator-ID (LID) Definition 4. FL Object Processing Rules The following discussion is based on the assumption that all forwarders must process the optional header fields. In the context of CCN packet processing, FL object is only relevant when the decision to forward the Interest message is to be made. At this stage, multiple options exist, assuming consistent policies exists throughout the domain: 1) In the first scenario, the rule may be that if an FL object is included in an Interest message, then it should be given preference over the ID. This is under the assumption that FL objects are trusted indirections within the Interest message, and can be validated by the router if required; 2) In the second scenario, the forwarder could prioritize forwarding on the ID, and then forward on the LID at every hop; 3) In the third scenario, where policy based routing is involved, more complex routing approaches can be considered at the network edge, such as the forwarder could apply service policy on the Interest ID and choose to remove or swap it with a new FL object irrespective of the current FL object inserted in the Interest message, while the core nodes could use a more simpler approach, such as approach 1 or 2. Following are the steps when approach 1 is applied. o During Interest packet processing, while a forwarding decision is being made, if an LID is available then it should be preferred for forwarding over the name in the Interest message irrespective of the feasibility of ID based routing. o The validation of FL depends on the trust context. In trusted scenarios, where the applications and the network are managed by the same authority, the forwarder can bypass the validation. In untrusted scenarios, the edge router may validate the FL that is inserted by the sender, and to avoid re-validations by successive forwarders, these Interests can be marked to have been validated at the ingress point. Ravindran, et al. Expires September 22, 2016 [Page 7] Internet-Draft Forwarding-label support in CCN March 2016 o If FL object is trusted and validated and the lookup based on LID in the FL object succeeds, then two possibilities exist: 1) for a non-terminating flow, the LID FIB lookup results in a next hop towards which the Interest is forwarded ; 2) for a terminating flow, LID lookup invokes a service logic wherein the service either re-resolves the Interest ID to another LID resulting in a new FL object or removes the current FL object and subjects the Interest to regular processing based on the ID in the Interest message. o If the FL object is trusted and validated and the LID lookup fails, then the router can try to forward the Interest based on the Interest ID. However if routing based on the Interest ID fails, then the router could raise an error condition and feedback the message to the previous hop, in the same or a different domain, with the appropriate error code. 5. PIT Processing Implications To maintain the simplicity of the forwarding logic, the purpose of an FL object should be to guide the Interest towards the closest source of the resource entity, hence FL object may only be used for the forwarding decision and not be required for content object processing. However there may be usage scenarios where the FL object state is required to be saved in the PIT and even piggybacked in the content object (CO). For example, in the case when there is no binding between the ID and the LID in the Interest expressed by a consumer, and multiple Interests arrive carrying the same ID but with different LIDs, then the expected outcome is to forward all such Interests with unique LIDs. In this case the forwarder is required to save the LID along with the Interest ID in the PIT and forward the duplicate Interest whose LIDs differ from ID to LIDs state saved in the PIT. In another application, it may be required to decouple the choice of one consumer's LID from another consumer's LID, i.e, when a secure binding exists between the ID and the LID. In this case, the forwarder stores the FL object in the PIT, and the returning CO should piggyback the Interest's FL object as long as the CO is from the location intended in the LID, which is matched against the pending PIT entry before continuing with the reverse path forwarding. In cases, where the FL object is swapped by the intermediate routers, the CO should be updated with the appropriate FL to ensure matching of the PIT entries along the previous hops. These considerations are similar to those elaborated in [14]. Ravindran, et al. Expires September 22, 2016 [Page 8] Internet-Draft Forwarding-label support in CCN March 2016 6. Caching Implications The considerations here follow our previous discussion, where the FL object is piggybacked in the CO. If there is an implicit security binding between the Interest ID and the LID, then the FL object state is piggybacked along with the CO, and the FL object in the incoming Interest should be matched against the CO's FL object before the cached content object is returned. 7. Multiple Domain Scenario In wide area network scenarios, Interests cross multiple domains. If an FL object is only trusted within the domain boundaries, then the FL object is removed before the Interest is forwarded to the next domain, which then, upon entry inserts a new forwarding label with the associated security attributes at the ingress of the next domain. But if trust exists between domains, such as one through a trusted third party (validated based on the FL object security binding), to use the FL inserted by the previous domain, then the intermediate domains can avoid further FL processing and use the FL object passed on by the previous domains. 8. FL Object Security FL object security is related to the purpose it is used for and the control plane mechanism used to manage it. Depending on the use case scenario of the FL, appropriate security mechanisms should be applied to secure the control and data planes to avoid exploitation of this feature. Generally, the major threats against the FL object approach is to manipulate the relationship between the name and the FL object. Such manipulations can happen in various scenarios, some of which are listed as follows: (i) a malicious interceptor (acting as a publisher) intentionally injecting an incorrect mapping into the name resolution system; (ii) a malicious interceptor (between the edge router and the resolution server) manipulating the mapping sent back from the name resolution system when the edge router queries the mapping system ; (iii) a compromised intermediate router maliciously changing the FL object, e.g., with the wrong FL object or an out- dated FL object; (iv) an untrusted application injecting invalid FL object into the Interest message. To achieve network level FL security, appropriate mechanisms should be applied to provide mapping provenance, mapping integrity and to prevent replay attack to address these issues. The security mechanisms applicable to the above discussed scenarios (i) and (ii) are similar to ones applied to secure other mapping systems such as Ravindran, et al. Expires September 22, 2016 [Page 9] Internet-Draft Forwarding-label support in CCN March 2016 LISP [5] and DNS[7]. Scenario (iii) requires new security mechanisms, one such way is to enable a domain level trust infrastructure so that the mapping between the name and the FL object can be authenticated by the successive routers. In untrusted environments, when an FL object is inserted in the Interest message by the end hosts, appropriate authentication information should also be included in the FL object to allow ingress routers to optionally validate the delegation of the Interest ID to LID [11]. Furthermore, additional security policies can be enabled by the network to handle FL objects outside its trust domain. 9. Use Case Scenarios Here we provide the discussions related to using FL objects in different scenarios. 9.1. Handling Producer Mobility In the literature the different techniques to handle producer mobility can be classified into the following two types: o Application-based approach, where the application takes the responsibility for announcing its reacheability to the network and triggering a network state change to enable Interest routing towards the mobile producer. Most of the current proposals fall under this category, and these include the following two approaches: 1)The Kite proposal [13] implements an anchor based approach where consumers and producers agree on an anchor point based on external mechanisms and uses application initiated (traced and tracing) Interests to handle the producer mobility; 2)The anchor-less proposal [15] is another application-based approach wherein enhanced name-based routing is used to track the mobile producer. While these approaches allow consumers and producers to work on a single name space, it raises scalability concerns with increasing number of mobile nodes and number of applications signaling into the network. As these approaches introduce more signaling in the network, the operational efficiency of packet forwarding is negatively affected due to the state changes that have to be applied to maintain the sanity of the Interest packet processing logic. Another potential security issue with these approaches is that it can be prone to flooding attacks by malicious applications targeting specific application names and impeding their normal operation. o Network-based approach uses the late-binding technique [8], wherein the reachability of the mobile node is handled by the network. In this case applications can explicitly request Ravindran, et al. Expires September 22, 2016 [Page 10] Internet-Draft Forwarding-label support in CCN March 2016 mobility for a given name space [9], with the network handling the mobility by tracking its latest location in the network through a name resolution system. At the same time, through coordination of the old and new point-of-attachments (PoA) and in-band signaling one can achieve zero loss for a given Interest flow. The late- binding technique uses ID/Locator split that is only applied at the PoAs, thereby avoiding any routing churn in the network due to producer mobility, while offering better scalability when the number of mobile producers increases. Here the mobile entity (ME) registers a persistent name that requires mobility with its current point-of-attachment (PoA). The PoA then registers the mapping between the name and the PoA's locator in its local name resolution system. Then the domain updates the ME's home domain name resolution system with its current domain LID. When a correspondent nodes expresses Interest for the name, it is first resolved to the current ME domain by the home domain. When the Interest enters the domain offering mobility service, it is resolved again to the ME's current location. Furthermore PoA-to- PoA signaling can be enabled to offer seamless forwarding of Interests whenever an ME changes its PoA. In addition to correcting the path stretch the Interests re-routed from the old PoA can be marked and re-routed to the new PoA with the new FL. On the return path, the CO are also marked, this in-band marking is used by the ingress PoA at the consumer's end to re-resolve the mobile prefix to a new forwarding locater that would correct the path stretch. 9.2. Manifests The FL objects can also be used to support the retrieval of nameless objects [10]. Using the current manifest proposal [6] a consumer receives a manifest with the ContentObjectHashIDs and their respective locator information. A consuming application uses the locater as a routeable content name, while the ContentObjectHashID is used as a HashID restriction parameter. Multiplexing the Interest name field as an ID and also as an LID has the following consequences: (1) a forwarder cannot distinguish between Interest packets containing ID or LID in the name field, as the protocol doesn't differentiate these two constructs; (2) it complicates Interest processing when LID is used as a name, by first requiring to check for the presence of ContentObjectHashID, and to use it to index the Interest based on it instead of the locator name; (3) more complications arise if an Interest packet arrives with two IDs i.e. a ContentObjectHashID as the hash restriction and the ID as the content name, in which case, one of them may seek precedence over the other. The above issues can be avoided through the use of the ContentObjectHashID as the content name and the locater in the FL Ravindran, et al. Expires September 22, 2016 [Page 11] Internet-Draft Forwarding-label support in CCN March 2016 object. In this case, a forwarder will always index the pending Interest table based on the content name. The routing decision then would be based on the FL object depending on the routing policy in the forwarder. This also avoids the situation of dealing with two IDs in the Interest packet, i.e. the application has to choose either ID or ContentObjectHashID as the content ID. This use of FL object can be enforced in a straight forward manner by identifying flat-ID, e.g. ContentObjectHashID, and routeable name as different typed name objects in the Interest packet. A possible high level forwarding logic for the edge/core router to support nameless objects based on the above discussion is presented in Figure 3. Here edge router can also be a gateway node. Ravindran, et al. Expires September 22, 2016 [Page 12] Internet-Draft Forwarding-label support in CCN March 2016 Begin if Edge_Router If Interest arrives on a face with a flat-ID Then check for the presence of FL object If FL object is present, use the LID in the FL object for Interest forwarding If there no FL Object If policy allows, resolve the flat-ID with a NRS to obtain an FL object Use the FL object to route the Interest End If the Interest arrives with a routeable ID If there is FL object Then use the ID for forwarding and Remove the FL object If there is no FL object Match Interest ID with name policy for e.g. mobility or interest routing optimization If a name policy for resolution exists Then network resolution service is invoked on the ID which returns an FL object Use the FL object to direct the Interest to the appropriate next hop End End if Core_Router if Interest arrives with an FL Object Use the LID for forwarding Else if Interest is with a Routeable ID Use the name for forwarding End Figure 3: Forwarding logic to support flat-ID and routeable ID at the edge router We discuss security implications of using ID and FL object in the Interest message depending on the ID type and o Case 1 - ContentObjectHashId with FL object: This use case is a straight forward simplification of what is being proposed in [10]. Here the locator is included within the FL object and the ContentObjectHashId is used as the name, so this shouldn't introduce any new security concerns. This holds good for both application and network based FL object insertion. Ravindran, et al. Expires September 22, 2016 [Page 13] Internet-Draft Forwarding-label support in CCN March 2016 o Case 2 - Routeable ID with FL object: For UE based FL object insertion, this scenario can cause cache poisoning in the absence of signature check enforcement in the forwarders. For the case when FL object is managed within a trusted domain, the security implications are discussed in Section 8. 9.3. Interest Routing Optimization Networks which hosts its own or third party content/service can benefit from the ability to handle Interest routing logic in its domain opportunistically. When a Interest seeking a specific content or service enters a network domain, the ingress router can redirect the Interest to the closest cache point or service location. 9.4. Routing Scalability As discussed in [11], locator based routing can address routing scalability as the number of ASs are many orders less than the number of information objects. This reduces the forwarding table in the DFZ zone in the order of number of ASs in the Internet. 10. Informative References [1] CCN Wire format, CCNX1., "http://www.ietf.org/id/ draft-mosko-icnrg-ccnxmessages-00.txt.", 2013. [2] Nikander, P., Gurtov, A., and T. Henderson, "Host identity protocol (HIP): Connectivity, mobility, multi-homing, security, and privacy over IPv4 and IPv6 networks", IEEE Communications Surveys and Tutorials, pp: 186-204, 2010. [3] Atkinson, R., "An Overview of the Identifier-Locator Network Protocol (ILNP)", Technical Report, University College London, 2005. [4] LISP, RFC6380., "https://tools.ietf.org/html/draft-ietf- lisp-sec-07.", 2014. [5] LISP-Security, LISP-SEC., "https://tools.ietf.org/html/ draft-ietf-lisp-sec-07.", 2014. [6] CCNx, Manifest., "http://www.ccnx.org/pubs/ draft-wood-icnrg-ccnxmanifests-00.html.", 2015. [7] DNS-SEC, RFC4033., "DNS Security Introduction and Requirements.", 2005. Ravindran, et al. Expires September 22, 2016 [Page 14] Internet-Draft Forwarding-label support in CCN March 2016 [8] Afanasyev, A., "Map-and-Encap for Scaling NDN Routing.", NDN Technical Report ndn-004-02, 2015. [9] Ravidran, R., "Realizing Mobility as a Service in CCN.", IETF/ICNRG, Paris Interim 2016, 2016. [10] Mosko, M., "Nameless Objects.", IETF/ICNRG, Paris Interim 2016, 2016. [11] Azgin, A., Ravindran, R., and G. Wang, "A Scalable Mobility-Centric Architecture for Named Data Networking.", ICCCN (Scene Workshop) , 2014. [12] Cisco System Inc., CISCO., "Cisco visual networking index: Global mobile data traffic forecast update.", 2009-2014. [13] Zhang, Y., Zhang, H., and L. Zhang, "Kite: A Mobility Support Scheme for NDN.", NDN, Technical Report NDN-0020 , 2014. [14] CCNx Label Forwarding, CCNLF., "http://www.ccnx.org/pubs/ ccnx-mosko-labelforwarding-01.txt.", 2013. [15] Auge, J., Carofiglio, G., Grassi, G., Muscariello, L., Pau, G., and X. Zeng, "Anchor-less Producer Mobility in ICN.", ICN, Sigcomm, 2015 , 2015. [16] NSF FIA project, MobilityFirst., "http://www.nets-fia.net/", 2010. Authors' Addresses Ravishankar Ravindran Huawei Technologies 2330 Central Expressway Santa Clara, CA 95050 USA Email: ravi.ravindran@huawei.com Asit Chakraborti Huawei Technologies 2330 Central Expressway Santa Clara, CA 95050 USA Email: asit.chakraborti@huawei.com Ravindran, et al. Expires September 22, 2016 [Page 15] Internet-Draft Forwarding-label support in CCN March 2016 Aytac Azgin Huawei Technologies 2330 Central Expressway Santa Clara, CA 95050 USA Email: aytac.azgin@huawei.com Ravindran, et al. Expires September 22, 2016 [Page 16]