The SAHARA Project: Composition and Cooperation in the New Internet - PowerPoint PPT Presentation

Slides: 34
Provided by: Rand220

Transcript and Presenter's Notes

Title: The SAHARA Project: Composition and Cooperation in the New Internet


1
The SAHARA Project: Composition and Cooperation in the New Internet
  • Randy H. Katz, Anthony Joseph, Ion Stoica
  • Computer Science Division
  • Electrical Engineering and Computer Science
    Department
  • University of California, Berkeley
  • Berkeley, CA 94720-1776

2
Research Focus
  • New mechanisms, techniques for end-to-end
    services w/ desirable, predictable, enforceable
    properties spanning potentially distrusting
    service providers
  • Tech architecture for service composition &
    inter-operation across separate admin domains,
    supporting peering & brokering, and diverse
    business, value-exchange, access-control models
  • Functional elements
  • Service discovery
  • Service-level agreements
  • Service composition under constraints
  • Redirection to a service instance
  • Performance measurement infrastructure
  • Constraints based on performance, access control,
    accounting/billing/settlements
  • Service modeling and verification

3
Focus of this Presentation
  • Within context of general presentation of Sahara,
    organize coherent view of the group's efforts on
    connectivity
  • Incorporate into HP Labs presentation on
    Wednesday and Microsoft Research in early August

4
Technical Challenges in Composition and
Cooperation
  • Trust management and behavior verification
  • Meet promised functionality, performance,
    availability
  • Recompose if component does not meet spec or
    fails
  • Adapting to network dynamics
  • React to shifting workloads and network
    congestion, based on pervasive monitoring &
    measurement
  • Awareness of network topology to drive service
    selection
  • Adapting to user dynamics
  • Resource allocation responsive to client-side
    workload variations
  • Resource provisioning and management
  • Service allocation and service placement
  • Interoperability across multiple service
    providers
  • Interworking across similar services deployed by
    different providers

5
Layered Reference Model for Service Composition
  • Connectivity Plane
  • End-to-end network with desirable properties
    composed on top of commodity IP network
  • Enhanced Links & Paths: QoS and protocol
    verification within and between connectivity
    service providers
  • Applications Plane
  • Services strategically placed and actively
    managed within the network topology
  • Applications and Middleware Services: end-client
    oriented vs. infrastructure oriented

6
Layered Reference Model for Service Composition
End-User Applications
Applications Services
Application Plane
Middleware Services
End-to-End Network With Desirable Properties
Enhanced Paths
Connectivity Plane
Enhanced Links
IP Network
7
Mechanisms for Service Composition
  • Measurement-based Adaptation
  • Examples
  • General-purpose third party end-to-end Internet
    host distance monitoring and estimation service
  • Universal In-box: Application-specific middleware
    measurement layer to exchange network and server
    load using link-state algorithm
  • Content Distribution Networks: measurement-based
    DNS-based server selection to redirect client to
    closest service instance

8
Mechanisms for Service Composition
  • Utility-based Resource Allocation Mechanisms
  • Examples
  • Auctions to dynamically allocate bandwidth
    resource
  • Congestion pricing: influence user behavior to
    better utilize scarce resources; applied in:
  • Wireless LAN bandwidth allocation and management
  • H.323 gateway selection, redirection, and load
    balancing for Voice over IP services

9
Mechanisms for Service Composition
  • Trust Mgmt/Verification of Service Usage
  • Authentication, Authorization, Accounting
    Services
  • Authorization control scheme w/ credential
    transformations to enable cross-domain service
    invocation
  • Federated admin domains with credential
    transformation rules based on established peering
    agreements
  • AAA server makes authorization decisions,
    liberating providers from preparing rules for
    each affiliated domain
  • Service Level Agreement Verification
  • Verification and usage monitoring to ensure
    properties specified in SLA are being honored
  • Border routers monitoring control traffic from
    different providers to detect malicious route
    advertisements

10
Mechanisms for Service Composition
  • Policy Management
  • Visibility into local policies to better
    coordinate global policies among (cooperating)
    service providers
  • Inter-AS policy architecture for load balancing,
    performance, and failure modes throughout the
    network
  • Internet topology discovery through AS
    relationship map of the Internet plus measurement
    infrastructure
  • Policy agent framework for inter-AS negotiation
    to manage incoming traffic

11
Mechanisms for Service Composition
  • Interoperability through Transformation
  • Interoperability of data, protocols, policies
    among composed service providers
  • Example
  • Broadcast federation: global multicast service
    composed from multicast implementations in
    different provider domains
  • Protocol transformation gateways between admin
    domains employing non-interoperable multicast
    protocol implementations

12
Enhanced Links: Works in Progress
  • Congestion Pricing for Access Links (Jimmy)
  • Auction-based Resource (Bandwidth) Allocation
    (Weidong, Matt)
  • Traffic Policing/Verification of Bandwidth
    Allocation (Machi, Mukund, Ion)

13
Access Link Congestion Pricing
  • Setup
  • 10 users
  • 3 Classes of Service (Slow, Moderate,
    Responsive), differ in traffic smoothing
  • 24 tokens/day, 15 minutes of usage per charge
  • Acceptable
  • Users make purchasing decision at most once every
    15 minutes
  • Feasible
  • Changing prices cause users to select different
    CoS
  • Effective
  • If half of users choose lower CoS during
    congestion, then reduce burstiness at access
    links by 25

14
Auction-based Resource Allocation
  • Problem
  • Allocate resources according to apps' dynamic
    requirements; achieve higher utilization than
    possible with static schemes
  • Approach
  • Leveraging auction schemes and work-load
    predictions
  • Features
  • Bidders bid based on app requirements and
    contention level
  • Bidders bid for near future resource based on
    recent history
  • Bidders express utility and priority to
    auctioneer
  • Auctioneer changes priority by varying token
    allocation rate
  • Status
  • On-going work
  • First application: bandwidth allocation in ad hoc
    wireless networks

15
Bandwidth Allocation
  • Problem
  • Scalable (stateless) and robust bandwidth
    allocation
  • Approach
  • Control Plane
  • Soft state
  • Per-router per-period certificates for robustness
    without per-flow state
  • Random sampling to prevent duplicate refreshes
  • Data Plane
  • Monitor aggregate flows
  • Recursively split misbehaving aggregates

R1 attaches new certificate to the refresh message
misbehaving aggregate split it
16
Architectural Matrix
Measure-based Adaptation
Resource Allocation
Interop By Xform
Trust Verify
Policy Mgmt
Congestion Pricing For Access Links, Auction-Based
Resource Allocation, Traffic Policing/Verification
of B/W Share
Link-oriented Measurement only
Good Behavior Assumed
17
Link Management Architecture
Policy Token Price, Auction Frequency
User
Appl
Enforcement Traffic Shaping Good Behavior Policing
Allocation Decision Price Setting Auction
Bid Admission
Flow
Monitoring Aggregate Flow Bandwidth Random
Sampling
18
Enhanced Paths: Works in Progress
  • BGP Route Flap Dampening (Morley)
  • BGP Policy Agents (Sharad)
  • Backup Path Allocation in Overlay Networks
    (Weidong)
  • Host Mobility (Shelley, Kevin)
  • Multicast Interoperation (Mukund)

19
BGP Stability vs. Convergence
  • Problem
  • Stability achieved through flap damping (RFC 2439)
  • Unexpected: flap damping delays convergence!
  • Topology: Clique of routers
  • Solution: Selective flap damping (SIGCOMM 02)
  • Duplicate suppression
  • Ignore flaps caused by transient convergence
    instability
  • Still contains stability
  • Eliminates undesired interaction!

20
Policy Management for BGP
  • Problem
  • 3-15 minute failover time
  • Slow response to congestion
  • Unacceptable for Internet service composition
  • General Approach
  • Lack of distributed route control
  • Need distributed policy management
  • Explicit route policy negotiation
  • Status
  • Identified current routing behavior
  • Inferred AS relationships, topology
  • Next: gather traffic data, finish code, emulate

21
Backup Path Allocation in Overlay Networks
  • Challenge
  • Disjoint primary & backup paths in overlay network
    share underlying links; overlay network cannot
    control underlying links used by a path
  • Problem
  • Find primary & backup path pair with min failure
    prob based on correlated overlay link failures
  • Approach
  • Decouple backup routing from primary path routing
  • Route backup paths based on failure prob cost
    which measures incremental path failure
    probability caused by using a link in the path
  • Status
  • Finished work, submitted to ICNP02

22
Host Mobility Using an Internet Indirection
Infrastructure
  • Problem
  • Internet hosts increasingly mobile; need to
    remain reachable
  • Flows should not be interrupted
  • IP address represents unique host ID & net
    location
  • ROAM (Robust Overlay Architecture for Mobility)
  • Leverages i3 overlay network: triggers forward
    packets
  • Efficiency, robustness, location privacy,
    simultaneous mobility
  • No changes to end-host kernel or applications
  • Cost: i3 infrastructure, proxies on end-hosts
  • Simulation & Experimental Results
  • Stretch lower than MIP-bi → able to choose nearby
    triggers
  • 50-66 of MIP-tri when 5-28 domains deploy i3
    servers
  • Even 4 handoffs in 10 seconds have little impact
    on TCP performance

(ID, data)
(ID, R)
Sender (S)
(ID, data)
(ID, R)
Receiver (R)
23
Multicast Broadcast Federation
Source
  • Goal
  • Compose non-interoperable m/c domains to provide
    end-to-end m/c service
  • IP and App-layer protocols
  • Approach
  • Overlay Broadcast Gateways (BGs)
  • Interdomain peering via BGs
  • Interdomain, local mc capability used
  • Clustered gateways for scale
  • Independent data & control flow

Broadcast Domains
CDN
IP Mul
SSM
Clients
BG
Peering
Data
  • Implementation
  • Linux/C event-driven program
  • Easily customizable i/f to local mc capability
    (700 lines)
  • Up to 1 Gbps BG thruput w/6 nodes
  • Up to 2500 sessions w/6 nodes

24
Architectural Matrix
Measure-based Adaptation
Resource Allocation
Interop By Xform
Trust Verify
Policy Mgmt
Interdomain Routing: BGP Convergence, Load
Balancing
Overlay Networks: OverQoS, Enhanced
Routing, Mobility, Multicast
Path Reliability: Failure Detection, Back-up
Provisioning
25
Enhanced Path Architecture
Robust Paths: Failure Detection, Backup Path
Provisioning
Keep-alive Signaling, Alternative Path
Routing, Real Time, Design Time
Overlays: Quality of Service, Mobility
Adaptive FEC (OverQoS), Mobility via
Wide-area Naming Triggers
Interdomain Protocol Interoperation: Multicast
Protocol Transformation
Scalable Gateways
Route Advertisements: Flap Detection/Damping, Fast
Prop of New Routes, Multi-homed Load Balance
Enhanced Interdomain Routing: Verification/Convergence,
Fast Recovery, Policy- and Load-based Routing
Topology Discovery: AS Hierarchy via Route
Advertisements, Distance (Latency) Measurements
BGP Log Analysis, Active Probing (ROAM)
26
Enhanced Path Architecture
Robust Paths Keep-Alive, Backup Pathing
Policy Agent Coordination
Policy-Based Routing Advert Propagation
Scalable Gateways Protocol Interop
Overlay Network
Flap Detection Dampening
Mobility via Naming Triggers
Verification of Advertisements
QoS via FEC
Topology-Aware Routing Policy
Internet
PA
AS
AS
PA
GW
Routing Logs
GW
AS
PA
27
Middleware Services: Works in Progress
  • Measurement and Monitoring Infrastructure (Yan)
  • Robust Service Composition (Bhaskar)
  • Authorization Interworking (Suzuki)

28
Internet Distance Monitoring Infrastructure
  • Problem: N end hosts in different administrative
    domains, how to select a subset to be probes, and
    build an overlay distance monitoring service
    without knowing the underlying topology?
  • Solution: Internet Iso-bar
  • Clustering of hosts perceiving similar
    performance
  • Good scalability
  • Good accuracy & stability
  • Tested with NLANR
  • AMP Keynote data
  • Small overhead
  • Incrementally deployable
  • SIGMETRICS PAPA 02
  • CMG journal 02

Cluster C
Cluster B
Cluster A
Monitor
Distance from monitor to its hosts
Distance measurements among monitors
End Host
29
Availability in Wide-Area Service Composition
Text to audio
  • Issue: Multi-provider → WA composition
  • Poor availability of Internet path → Poor service
    availability for client

Text to audio
  • >15sec outage
  • Note: BGP recovery could take several minutes
    [Labovitz00]
  • Fix: detect and recover from failures using
    service replicas
  • Highlight of results
  • Quick detection (2sec) possible
  • Scalable messaging for recovery (can handle
    simultaneous failure recovery of 1000s of
    clients)
  • See SPECTS02 paper
  • More recent results on load balancing across
    service replicas
  • End-to-end recovery in about 3.6sec: 2sec
    detection, 600ms signaling, 1sec state
    restoration

WA setup: UCB, Berk. (Cable), SF (DSL), Stan.,
CMU, UCSD, UNSW (Aus), TU-Berlin (Germany)
30
Authorization Control Across Administrative
Domains
Trusted third party
Domain 1
Should grant access?
Authorization Authority
Service
Decision
Request - certificates - credentials
Verification
Policy compliance check
Certificates Credentials
Credential transformation
Domain 2
User
Trust peering agreement - credential
transformation rule
  • Authorization authority
  • Provides authorization decision service.
  • Manages different verification methods and
    credentials.
  • Trust peering agreement
  • Credential transformation rule
  • Acceptable verification method
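
An added sketch of the decision flow on this slide (not code from the SAHARA project): an authorization authority applies a peering agreement's credential transformation rule and acceptable verification methods, then runs the policy compliance check. Class names, credential names such as "gold-subscriber", the "x509" method label and the sample domains are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PeeringAgreement:
    peer_domain: str
    acceptable_methods: frozenset  # verification methods accepted from this peer
    transform: dict                # peer credential -> local credential (the rule)

@dataclass(frozen=True)
class Request:
    home_domain: str
    credentials: frozenset
    verification_method: str
    service: str

class AuthorizationAuthority:
    def __init__(self, local_domain, agreements, service_policy):
        self.local_domain = local_domain
        self.agreements = {a.peer_domain: a for a in agreements}
        self.service_policy = service_policy  # service -> required local credential

    def local_credentials(self, req):
        """Express the request's credentials in the local domain's vocabulary."""
        if req.home_domain == self.local_domain:
            return set(req.credentials)
        agreement = self.agreements.get(req.home_domain)
        if agreement is None:
            return set()  # no peering agreement: nothing from that domain is trusted
        if req.verification_method not in agreement.acceptable_methods:
            return set()  # verified by a method the agreement does not accept
        # Credentials without a transformation rule are dropped, never passed through.
        return {agreement.transform[c] for c in req.credentials if c in agreement.transform}

    def decide(self, req):
        """Policy compliance check: default deny, grant only on the required credential."""
        required = self.service_policy.get(req.service)
        return required is not None and required in self.local_credentials(req)

# Constructed sample: Domain 1 runs the service, Domain 2 is a peer (hypothetical values).
AUTHORITY = AuthorizationAuthority(
    "domain1",
    [PeeringAgreement("domain2", frozenset({"x509"}), {"gold-subscriber": "premium-user"})],
    {"text-to-audio": "premium-user"},
)

def check(domain, creds, method, service="text-to-audio"):
    return AUTHORITY.decide(Request(domain, frozenset(creds), method, service))
```

A Domain 2 user who presents the local name "premium-user" directly is denied, because only credentials named in the transformation rule cross the domain boundary.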

31
Applications Services: Works in Progress
  • Applications Services
  • Voice Over IP (Matt)
  • Adaptive Content Distribution (Yan)
  • (Universal In-Box) (Bhaskar)

32
IP Telephony Gateway Selection
LS
ITG
LS
ITG
LS
ITG
  • Results
  • Congestion sensitive pricing decreases
    unnecessary call blocking, increases revenue, and
    improves economic efficiency
  • Hybrid redirection achieves good QoS and low
    blocking probability
  • Goal: High quality, economically efficient
    telephony over the Internet
  • Questions: How to
  • Perform call admission control?
  • Route calls thru converged net?

33
SCAN: Scalable Content Access Network
  • Problem: Provide content distribution to clients
    with small latency, small # of replicas and
    efficient update dissemination
  • Solution: SCAN
  • Leverage P2P location services to improve
    scalability and locality
  • Simultaneous dynamic replica placement &
    app-level multicast tree construction

data plane
data source
  • Close to optimal # of replicas wrt latency
    guarantee
  • Small latency & bandwidth for sending updates
  • IPTPS 02
  • Pervasive 02

Web server
SCAN server
network plane