Post on 30-Dec-2015
transcript
Active Networks – The Active Networks – The Network FutureNetwork Future
By
Samatha Gangapuram
Prashant Shanti Kumar
Harish Kumar Maringanti
Assigned Unenviable taskAssigned Unenviable task
What
Why
How
Where
Active Networks – Active Networks – What ?What ?
No general agreement beyond buzz phrases.
“Active networks explore the idea of allowing routing elements to be extensively programmed by the packets passing through them.”
Legacy Vs Active Legacy Vs Active
Legacy Networks
Passive packet. Rely on agreement
about protocols. Functionality built
into each router. Change is a long and
wrenching process.
Active Networks
Active Packet. General agreement on
model of computation. Functionality in each
packet. Improved resilience to
change.
AN - ServicesAN - Services
Active Networks – Why ?Active Networks – Why ?
Rapid deployment and development. Creating and Tailoring network
services. Better performance. Open to deploy and administer.
Active Networks – How ?Active Networks – How ?
AN Paradigms
Programmable Switch Model Capsule Model Ad – hoc Model
Active Networks – How ?Active Networks – How ?
Programmable Switch :
Code is first transferred to the nodes, out – of – band.
Packets are treated as data or input to the code.
Active Networks – How ?Active Networks – How ?
Capsule Model :
Each packet is a program.
Each intermediate node executes the packet.
Active Networks – How ?Active Networks – How ?
Ad – hoc Model :
Packet contains flags.
Node contains in-built routines.
Based on flag, routines are executed.
A N - TerminologiesA N - Terminologies
User Application (UA)
Active Application (AA)
Execution Environment (EE)
Node Operating System (NodeOS)
The NodeOS is the base layer of any AN architecture.
It manages the resources of the active node and co-ordinates the resource demands.
NodeOS is also responsible for the enforcement of security policies.
Examples
SANE OS, JANOS, SCOUT, ExoKernel
NodeOSNodeOS
E EE E
Nerve Center of the Active Node
Responsible for all aspects of user-network interface.
Nature of programming model and abstractions supported.
Addressing and Naming facilities.
ExamplesSmartPackets, ANTS, CANE
A AA A
AA is a program and associated state capable of executing one or more active activities in a node, to perform some particular service.
AA is necessarily “portable” and dynamically installable or removable.
Examples
Active Reliable Multicasts, Protocol
Boosters, Active Congestion Control.
A N - ArchitectureA N - Architecture
App 1 App 2 App 3 App 1 App 4 App 3
Execution Environment A
Execution Environment B
Execution Environment A
Execution Environment B
Node OS Node OS
Transmission Facilities
Packet TransitionPacket Transition
EE 3
EE 1
EE 2
ANEP IP
ANEP IPUDP
UDP IP
I P
I P
TCP IP
I P UDP ANEP
I P UDP
I P
I P TCP
I P
I P ANEP
Implementation Implementation ChallengesChallenges
The network should be usable
The network should have high flexibility
The implementation should be secure
The network should have high performance
Killer ArgumentsKiller Arguments
Efficiency
Resource Allocation
Security
EfficiencyEfficiencyHiccups: Bandwidth demand is growing faster than
CPU speed – bad idea to execute arbitrary programs on packets.
Most programming languages are interpreted – JAVA byte code, plain interpreter.
Cure:Don’t propose AN for the core of the Internet.Use just-in-time compilation, native code.Hybrid architectures (high speed AN!)
Resource AllocationResource AllocationHiccups: Fairness in queuing is a problem. Cannot guarantee QoS. Cannot control Looping packets.
Cure:Provide distributed control (Scaling).resource reservation in advance, resource
preemption.Limit capabilities of the active packet.
SecuritySecurity
Security cannot be limited to peripheral nodes.
Possible threats:
Overload based Denial of Service
Unauthorized access to the exposed control plane.
Secure Node doesn’t mean Secure Network.
Security at NodeOSSecurity at NodeOS
Security Enforcement through Authorizations.
Authorization policies are expressed in terms of Access Control Lists, which is a logical 3 - tuple of the form : <resource, user, permissions>
NodeOS has a security policy database and a policy enforcement engine.
Security at EESecurity at EE
Each EE has it's own protection policy, possibly a security database and an enforcement engine.The programming model that an EE supports must also be restricted to ensure network security.No broad consensus on the division of responsibility for policy enforcement between the NodeOS and the EE.
Security in SwitchWareSecurity in SwitchWare
Uses ALIEN active loader.
Code Modules loaded on the fly.
Restricts access using namespaces.
Uses a language specification called CAML.
AN – APPLICATIONSAN – APPLICATIONS
Network Management Multicasting Caching Active Congestion Control Security
Network ManagementNetwork Management
No polling required"Patrol" and "first-aid" packets can track a problem and rectify it respectively.Code moved to node rather than data to management center
Example:Delegated Management. Decentralization helps in scalability, reducing delays from responses and effective bandwidth utilization.
MulticastingMulticasting
Active internal nodes elegantly solve many current problems such as:
NACK implosion.
Concentrated load of retransmissions.
Duplication of packets.
Example: ARM
Suppression of NACK & effective retransmission
Active Congestion Active Congestion ControlControl
Selective dropping of units, packets or cells can be held very efficiently.
Multi-stream interaction.
Example: APCI
Backward compatibility with non-active
nodes & on the fly routing employed.
CachingCaching
Tradeoff between network based storage & bandwidth.
Location & time of storage crucial.
Example:
Self-organizing wide-Area Network
caches: small number of caches within
routers form large virtual cache.
SecuritySecurity
Node – Packet conflict.
Node security by authentication of active
packets & PCC(Proof Correct Code).
Packet security by Fault-tolerance &
Encryption.
Example:SANE
AN - ServicesAN - Services
Video on Demand VPN Multimedia Conferencing VoIP / IP Telephony Active Firewalling
AN - ServicesAN - Services
Web Browser
Web Cache Web Server Proxylet Server
Dynamic Proxy Server
WebCache Proxylet
Request
Response
Dynamic Proxy Server
Audio Transcoder
Remote MethodInvocation Call
Request
Request
AudioResponse
ProxyletRequest
ProxyletResponseAudio File
Request
Audio FileResponse
RTP Streamed Audio
New Content-type orRedirection Header
““Retrofitting" AN to IPRetrofitting" AN to IP
The Active IP Option: Option in the IP header alerts the router to
look at the packet payload more closely.
Active Network Encapsulation Protocol (ANEP):
Adds a header that directs the router.
AN & LegacyAN & Legacy
SmartPackets – A Case SmartPackets – A Case StudyStudy
Uses Capsule model: Code with IP packetPrograms must be completely self-contained.Operating environment provides security.
Languages:
Sprocket – A high level language
Spanner – An assembly level language
SmartPackets – A Case SmartPackets – A Case StudyStudy
Uses ANEP to fit with Legacy Networks
NodeOs – JanOs
EE – CANES/ASP
AA - Network Management
SmartPackets – A Case SmartPackets – A Case StudyStudy
Network ManagementDefines 4 types of packets: Program Data Error Message
SmartPackets – A Case SmartPackets – A Case StudyStudy
Security
For Nodes: Authentication of packet Cryptographic hash of non-mutable fields
For packets: Redirection Encryption
SmartPackets – A Case SmartPackets – A Case StudyStudy
Limitations Packet size Applications adaptability
Scope
Extending for other applications
Current WorkCurrent Work
Active Nets at DARPA ActiveNets at MIT ANTS at Washington SwitchWare at UPenn JANOS & OSkit at Utah Liquid Software at Arizona Panda at UCLA NetScript at Columbia CANES at Georgia Tech Smart Packets at BBN
ConclusionConclusion
Is Active Network really the future ?
ReferencesReferences
Darpa
http://www.darpa.mil/ito/psum1999/J044-0.html
Switchware
http://www.cis.upenn.edu/~switchware/
CANES
http://www.cc.gatech.edu/projects/canes/
www.ieee.org
www.citeseer.com