1
From SAHARA to OASIS:
The Last SAHARA Retreat
The First OASIS Retreat
I3 and Tapestry Mini-Retreats
16-18 June 2004
Randy H. Katz, Anthony Joseph, Ion Stoica
Computer Science Division
Electrical Engineering and Computer Science Department
University of California, Berkeley
Berkeley, CA 94720-1776
2
Retreat Goals & Technology Transfer
[Diagram labels: UC Berkeley Project Team; Industrial Collaborators; Friends; People; Project Status; Work in Progress; Prototype Technology; Early Access to Technology; Promising Directions; Reality Check; Feedback]
3
Who is Here (Industry)
• Cisco
– David Jaffe
• Hewlett-Packard Labs
– Wai-Tian Dan Tan
– Nina Bhatti
• IBM
– Honesty Young
• Nortel Networks
– Andy Gram
– Tal Lavian
• NTT MCL
– Tetsuya Nakamura
• Sun Microsystems
– Christoph Schuba
• Univ. Helsinki/Nokia
– Kimmo Raatikainen
• Special Friends
– John Chuang
– Bryan Lyles
– Greg Minshall
– Scott Shenker
Green = First Retreat!
4
Who is Here (Berkeley)
• Professors
– John Chuang
– Anthony Joseph
– Randy Katz
– Scott Shenker
– Ion Stoica
• Technical & Admin Staff
– Bob Miller
– Glenda Smith
– Keith Sklower
• Grad Students
– Weidong Cui
– Denis Geels
– Philip Godfrey
– Ling Huang
– Jayanthkumar Kannan
– Karthik Lakshminarayanan
– Yin Li
– Sridhar Machiraju
– Ana Sanz Merino
– George Porter
– Anantha Rajagoplala-Rao
– Mukund Seshadri
– Sonesh Surana
– Lakshmi Subramanian
– Mel Tsai
– Fang Yu
• Undergrad Students
– Enrique Cervantes
– Sebastian Garcia
– Marti Motoyama
• Visiting Scholars
– Dario Rossi
5
Retreat Purpose
• Sixth (and last) SAHARA Retreat/First OASIS Retreat
– SAHARA launched 1 July 2001
– OASIS focus on Reliable Adaptive Distributed Systems
• Common thread: architectural elements for future networks
– “Services” inside the network: code vs. protocols, location/topology-aware
– SAHARA:
» Independent service providers
» Converged data + telecomm nets
» Hetero access + core nets
– OASIS: emerging technology of PNEs
» Network layer observation, analysis, and action
• Co-locate w/ROC Retreat
– NSF Cybertrust Center Proposal: Center for Adaptive Trustworthy Systems (CATS)
6
SAHARA
• Service
• Architecture for
• Heterogeneous
• Access,
• Resources, and
• Applications
7
SAHARA Vision and Approach
• New mechanisms, techniques for end-to-end services w/ desirable, predictable, enforceable properties spanning potentially distrusting service providers
• Architecture for service composition and inter-operation across separate administrative domains, supporting peering and brokering, and diverse business, value-exchange, access-control models
• Routing as a Reachability “Service”
– Implementing paths between composed service instances, e.g., “links” within an overlay network
– Multi-provider environment, no centralized control
8
Reachability as a Composed Network Service
• Morphed from Distributed Service Architecture to Interdomain Routing Architecture
– Internet’s primary means for managing peering and achieving end-to-end reachability
» Networking glue between service execution points explored by Raman’s Ph.D. dissertation on service composition
– Limited visibility into AS policies makes it difficult to achieve good global behaviors from locally good specifications
» Improved path visibility through AS Beaconing (Mao Ph.D. dissertation)
» Root Cause Analysis of BGP Dynamics (Caesar M.S. dissertation)
– Many well-known security vulnerabilities
» Lakshmi’s work on checkable protocols
– Motivation for overlays to achieve application-specific reachability properties
» Investigations in overlay routing, orthogonal paths, multipath routing, cooperation among overlay networks, etc.
9
Sahara Theses
• Ph.D.
– Bhaskar Raman, “An Architecture for Availability and Performance in Wide-Area Service Composition,” (Ph.D., December 2002).
– Jimmy Shih, “Applying Congestion Pricing at Access Points for Voice and Data Traffic,” (Ph.D., May 2003).
– Yan Chen, “Scalable Efficient Network-Aware Content Distribution Networks,” (Ph.D., Dec 2003).
– Z. Morley Mao, “Solving the Interdomain Routing Puzzle—Understanding Interdomain Routing Dynamics,” (Ph.D., December 2003).
– Almudena Konrad, “TAPAS: A Research Paradigm for the Modeling, Prediction, and Analysis of Non-stationary Network Behavior,” (Ph.D., December 2003).
– Sharad Agarwal, “Influence of Interdomain Routing on Intradomain Traffic Engineering,” (Ph.D., August 2004, expected).
10
Sahara Theses
• M.S.
– Lakshminarayanan Subramanian, “On Inferring the Geographic Properties of the Internet,” (M.S., May 2002).
– Fang Yu, “Study of the Restoration Path Block Problem in Optical Networks,” (M.S., December 2002).
– Mukund Seshadri, “A Scalable Architecture for Broadcast Federation,” (M.S., December 2002).
– Weidong Cui, “Backup Path Allocation Based on a Correlated Link Failure Probability Model in Overlay Networks,” (M.S., May 2003).
– George Porter, “Traffic Matrix Estimation for Low-loss Routing in Hybrid Networks,” (M.S., May 2003).
– Sridhar Machiraju, “A Scalable and Robust Solution for Bandwidth Allocations,” (M.S., May 2003).
– Matt Caesar, “Root Cause Analysis of BGP Dynamics,” (M.S., August 2004, expected).
11
Overlays and Active Services for Inter-networked Storage
and
Center for Adaptive Trustworthy Systems
12
says: “The Network is the Computer”
We say: “The Computer is the Network”
13
Proliferation of Network Appliances
In-the-Network Processing: the Computer IS THE Network
• F5 Networks BIG-IP LoadBalancer: Web server load balancer
• Packeteer PacketShaper: Traffic monitor and shaper
• Ingrian i225: SSL offload appliance
• Network Appliance NetCache: Localized content delivery platform
• Nortel Alteon Switched Firewall: CheckPoint firewall and L7 switch
• Cisco IDS 4250-XL: Intrusion detection system
• Cisco SN 5420: IP-SAN storage gateway
• Extreme Networks SummitPx1: L2-L7 application switch
• NetScreen 500: Firewall and VPN
14
Generic PNE Architecture
[Figure: Generic PNE Architecture. Labels: Input Ports, Output Ports, Buffers, Tag Mem, Interconnection Fabric, CP (Classification Processor), AP (Action Processor), Rules & Programs]
15
Adaptive Edge Networks
• Server Edge
• Network Edge
• Device Edge
[Figure labels: Network Edge, Server Edge, Device Edge; PNE (three instances); Server Load Balancing, Storage Nets; NAT, Access Control, Network-Device Configuration; Firewall, IDS, Traffic Shaper]
16
OASIS Vision
• Specification/control environment for diverse network elements to realize full power of “inside the network” services and applications
• Via virtualized architecture for PNEs (aka RouterVM), retarget for diverse appliance-specific architectures
• Focus on stream extraction, intrusion detection, network monitoring, iSCSI acceleration
• Sys admins “program” the network through service specification and composition
• Open framework for multi-platform appliances, enabling third party service development
17
Center for Trustworthy Systems (CATS)
18
Reliable Adaptive Distributed Systems
Dramatically improve the trustworthiness of networked systems
• Observe: design observation points throughout system
• Analyze: infer via statistical learning
– Respond: detect anomalous behavior vs. baseline
– Learn: use observations to modify responses to future observations
• Act:
– Reactive: use control points in system for rapid recovery if detect something wrong
– Proactive/protective: prophylactically act on system to prevent predicted impending failure
Armando Fox, Michael Jordan, Dave Patterson, Doug Tygar
19
Brittle Distributed Systems
• Fragile, easily broken, poor dependability and security
– E.g., Amazon: yearly revenue $3.1B, downtime costs $600,000/hr
• Design for rapid detection, diagnosis, recovery
– Rapid application and server recovery, agile network rerouting, proactive protective actions ...
– No distinction between “normal operation” and “recovery”
• Elements of our solution
– Programming paradigms for robust recovery
– Crash-only software design for rapid server recovery
– Network protocols designed for observation to allow rapid detection of behavioral violations
– Instrumentation and SLT for on-line analysis, anomaly detection, diagnosis of failure
• Adaptation benchmarks to measure progress
– What you can’t measure, you can’t improve
– Collect real failure data to drive benchmarks
20
[Figure: Reliable Adaptive Distributed Systems. Labels: Client, Server, Distributed Middleware, SLT Services, Edge Network, PNE, Router, Internet IP Network, Commodity Internet, Application-Specific Overlay Network, Operator, User; “Reactive Systems” Programming Abstractions For Roll-back; Crash-Oriented Svrcs; Observation Infrastructure for System SLT; Verifiable Protocols, Fast Detection & Route Recovery; Observation Infrastructure for network SLT]
21
Winter04 Retreat Feedback
• Retreat Organization:
– More time for posters, such as two poster sessions
– Industry talks on emerging technologies or applications
– Missing session on 6 month planning
• Technical Comments:
– Shift in focus from SAHARA network layer consideration to RADS network/application interaction
» Challenges in “learning” user and application behavior: can SLT be effective?
» Need for testbeds
– Overlay Networks: what are the applications?
22
Plan for the Retreat
• Wednesday, 16 June 2004
– 1000-1200 Drive to Santa Cruz
– 1200-1300 Check-in and Lunch
– 1300-1500 Overviews and Status
» Randy, OASIS Overview and Status
» Ion, I3 Overview and Status
» Anthony, Tapestry? Deter? Overview and Status
– 1500-1530 Break
– 1530-1700 Highlight Talks
» Lakshmi: Secure Link State Routing
» AP: An Overlay MAC Layer for 802.11 Networks
» Kris: "Locating Nearby Objects in Peer-to-Peer Networks"
– 1700-1800 Poster Session
– 1800-1930 Dinner
– 1930-2030 Faculty Panel
» CATS Center and Preparation for Thursday Breakout
– 2030-2130 Posters (continued)
23
Plan for the Retreat
• Thursday, 17 June 2004
– 0730-0830 Breakfast
– 0830-1000 PNE Architecture and Services (Randy)
» Mel: RouterVM
» George: StreamTracker
» Li: iSCSI Performance
» Fang: TCAM Classification
– 0830-1000 PARALLEL SESSION ORGANIZED BY ION AND ANTHONY
– 1000-1030 Break
– 1030-1200 Cross Retreat Workshop and Breakout Session
» Observe: Weidong, Ana, George
» Analyze: Mukund, Fang, Machi
» Act: Lakshmi, Mel, Li
– 1200-1300 Lunch
– 1300-1630 Long Break
– 1630-1800 Industrial Talks
» Moises Goldszmidt, HP Labs, “Pattern Recognition Approach to Characterizing System Performance”
» Greg Messer, US Bank, “Performance and Dependability Issues in a Banking Service”
– 1800-1930 Dinner
– 1930-2100 GANNET: Generation After Next Network Models and Services (Randy)
» Weidong: Monitoring
» Mukund: Overlay Management and Multipath Routing
» Machi: A Cryptographic Approach to Safe Inter-domain Traffic Engineering
» Ana: Authentication across Heterogeneous networks
– 1930-2100 PARALLEL SESSION ORGANIZED BY ION AND ANTHONY
24
Plan for the Retreat
• Friday, 18 June 2004
– 0730-0830 Breakfast
– 0830-0930 Workshop Reports and Feedback
– 0930-1000 Break and Room Check-out
– 1000-1200 Industrial Feedback
– 1200-1300 Lunch
– 1300-1500 Drive back to Berkeley
25
Recent SAHARA-Related Publications
• S. Agarwal, T. G. Griffin, “BGP Proxy Community Community,” IETF Internet Draft, work in progress, (January 2004).
• L. Subramanian, V. Roth, I. Stoica, R. H. Katz, S. Shenker, “Listen and Whisper: Security Mechanisms for BGP,” USENIX/ACM Symposium on Networked System Design and Implementation (NSDI’04), San Francisco, CA, (March 2004). Best Student Paper Award.
• L. Subramanian, I. Stoica, R. H. Katz, H. Balakrishnan, “OverQoS: An Overlay Based Architecture for Enhancing Internet QoS,” USENIX/ACM Symposium on Networked System Design and Implementation (NSDI’04), San Francisco, CA, (March 2004).
• Y. Matsunaga, R. H. Katz, “Inter-Domain Radio Resource Management for Wireless LANs,” Wireless Communications and Networking Conference (WCNC’2004), Atlanta, GA, (March 2004).
• Z. Mao, D. Johnson, J. Rexford, J. Wang, R. H. Katz, “Scalable and Accurate Identification of AS-level Forwarding Paths,” Proc. IEEE INFOCOM Conference, San Francisco, CA, (March 2004).
• S. Agarwal, C.-N. Chuah, S. Bhattacharyya, C. Diot, “Impact of BGP Dynamics on Router CPU Utilization,” Passive Active Measurement (PAM) Workshop, Antibes Juan-les-Pins, France, (April 2004).
• G. Porter, M. Ji, “Delta Routing: Improving the Price-Performance of Hybrid Private Networks,” IEEE/IFIP Network Operations & Management Symposium (NOMS), Seoul, Korea, (April 2004).
• S. Agarwal, C.-N. Chuah, S. Bhattacharyya, C. Diot, “Impact of BGP Dynamics on Intra-Domain Traffic,” ACM SIGMETRICS Conference, New York, NY, (June 2004).
• Y. Chen, D. Bindel, H. Song, R. H. Katz, “An Algebraic Approach to Practical and Scalable Overlay Network Monitoring,” ACM SIGCOMM Conference, Portland, OR, (August 2004).
26
Sahara and Oasis Retreat
Overview
Randy H. Katz
Univ. of California
Berkeley, CA 94720-1776