Previously we talked about service-centric networking. Since then we have implemented a prototype experiment, based on the ideas from Serval, that demonstrates ICMP ping migration using Linux iptables and Network Namespaces. As a reminder of what we're dealing with, today's cloud infrastructure increasingly views a group of machines as a "service" rather than just hosts connected to the internet. Abstracting machines into services allows easier horizontal scaling, as we can load balance between instances of those services. Doing this sort of abstraction requires a service name that is not associated with a particular machine. This…

Working with type systems and communications can be very difficult. In Haskell, messages between threads are usually conveyed through channels that only accept a single type, and as a result are not very versatile. In networked systems, a stream of bytes is sent that hopefully conforms to one of many protocols including TCP, UDP, and HTTP, and hopefully both parties agree on what is sent and when. Session Types are a way to bridge the gap between these systems, as they can capture complicated protocols, and be properly type checked. There are many ways that Session Types are notated and…

In 2016, Docker officially updated their image specification from V1 to V2, adopting a more sophisticated scheme that is in line with the OCI Container Image Specification. There are only a few minor differences between Docker's image specification V2 and the OCI image specification (see Compatibility Matrix). Here we will discuss some of the major changes from V1 to V2, and why Docker has moved towards these changes. Image vs Container: Docker images contain the underlying changes in the root filesystem, and the execution parameters of a container. When we write a Dockerfile, the FROM clause brings in a base image from…

The Matrix AI team has been developing Polykey, a distributed peer-to-peer secret sharing system. It is intended to manage secrets, passwords, and API keys for both humans and machines. Many secret management systems have been designed either only for humans, or only for machines. We think this is unnecessary and intend Polykey to work in both cases. However, for this article, we'll focus solely on what Polykey provides to the Matrix infrastructure. Matrix Automatons may require secrets in order to communicate with an external API. There are several challenges to managing infrastructural secrets: How to automatically deploy software which relies on…

TCP/IP networking relies on IP addresses mapped to a machine to facilitate routing through the Border Gateway Protocol (BGP). This mapping is usually done through the DNS, which maps human-readable names ("cats.com") to IP addresses. Service-centric networks are an alternative/extension to DNS, where each host maintains its own table of mappings from service names to tuples of IP address and port number, but with additional capabilities to control the routing of data. This additional flexibility is usually referred to in the literature as separating the control plane and data plane. The key advantage provided by…