Active Networks: Applications, Security, Safety and Architectures - PowerPoint PPT Presentation

1
Active Networks: Applications, Security, Safety
and Architectures
  • Author: Konstantinos Psounis, Stanford University
  • Presenter: Sanjay Agrawal, Purdue University

Purdue University Nov 15, 2000
2
Passive and Active Networks
  • Passive: Consists of smart hosts at the edges of
    the network performing computations up to the app
    layer; the routers interconnecting them can only
    perform computations up to the network layer.
  • Active: Allows intermediate routers to perform
    computations up to the application layer. Users
    can program the network by injecting programs
    into them.

3
Networks, Passive and Active
  • Passive Networks
      • Processing limited to routing, congestion
        control and QoS schemes
  • Problems
      1. Difficulty of integrating new technologies
      2. No support for applications that require
         computation within the network.
      3. Poor performance due to redundant operations.

4
Need for Active Networks
  • Need an ability to program the networks.
  • Networks should be able to do computations on
    user data.
  • Users can supply the programs to perform these
    computations.

5
Arguments for and against AN
  • Against
      • Internet successful because of its simplicity.
  • For
      • Need
      • Will increase the pace of innovation.
      • Mobile code technology enables it.
      • End to end performance of applications will
        improve.

6
End to End Argument
  • A function or service should be placed in the
    network only if it can be implemented cost
    effectively.
  • Idea of AN is compatible with this argument.
  • Some services can best be supported using info
    available inside the net.

7
Online Auctions
  • The price info from the server may not be up to
    date, causing the client to submit a low bid.
  • So the auction server will receive bids that are
    too low and must be rejected.
  • In AN such low bids can be filtered out in the
    network, before reaching the server.
  • At heavy load, server activates filters in nearby
    nodes, updating them with current price
    periodically.
  • Frees server resources for processing competitive
    bids, reduces net utilization at the server.

8
Performance..
  • Improvement brought about by delegating some of
    the app's functionality to internal network nodes.
  • Normal traffic could in fact benefit from active
    processing, which will reduce bandwidth
    utilization in some regions of the network.
  • Doing work within the network reduces the total
    amount of work done by the app.

9
Performance
  • We need app performance rather than network
    performance; the two are not correlated.
  • AN may cause fewer pkts to be sent, with longer
    per hop latencies because of increased
    computation and storage.
  • Still overall app performance will improve,
    because of reduced demand for bandwidth at
    end-points.

10
Applications
  • Active Networks can be beneficial for a variety
    of applications
  • Network Management
  • Congestion Control
  • Multicasting
  • Caching

11
Congestion Control
  • Prime Candidate for Active Networking
  • A special case of Network Management.
  • It's an intranetwork event, hence solutions to it
    should be far removed from the app.
  • Congestion information is delayed in propagating
    to the user.

12
AN and Congestion
  • Active Node can monitor the available bandwidth
    and control data flow rate accordingly.
  • Probe packets can gather congestion information
    as they travel and Monitor packets can use the
    info to identify the onset of congestion and
    regulate the flow accordingly.
  • Applications can produce congestion control data
    according to the situation if they are aware of
    it, like selective dropping.

13
Experimental Technologies
  • Network defines a finite set of functions which
    can be performed at a node on the active packets.
  • Header information in each packet, called APCI,
    specifies the function.
  • Packets are processed according to the APCI, and
    the header is recomputed if the function
    transforms the data.
  • Tested using a Unit Level Dropping Function.

14
contd..
  • Model is conservative, since no executable code
    travels in the packets. However, it is a step
    towards more radical changes.
  • More complex models will have packets carrying
    code that makes on the fly routing and congestion
    control decisions based on information brought to
    the node by other packets.
  • Upcoming congestion tracked and regulation done
    before congestion takes place.

15
Multicasting
  • Current passive schemes provide only a partial
    solution to the problems of NACK implosion, load
    of retransmissions and duplication of packets.
  • Active Reliable Multicast deals with these
    problems efficiently by storing a soft state and
    performing customized computation based on packet
    types.
  • Note that not all nodes need to be active for ARM
    to work. So an ActiveBONE similar to MBONE will
    work.

16
Active Reliable Multicast
  • Local retransmission handled by caching the
    multicast packets which reduces both latency and
    traffic.
  • Active router maintains a NACK record and a
    repair record to perform NACK suppression and
    scoped retransmission.
  • Flexible and robust as active routers do not need
    knowledge of group topology.
  • Results show ARM has lower recovery latency than
    passive schemes.
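
The NACK suppression, local retransmission and scoped repair described on this slide, as an added example (not code from the presentation or from the ARM authors). It is a simplified model of one router; the method names, link labels and the absence of record expiry timers are assumptions.

```python
# Added illustration: one ARM-style active router, heavily simplified.
# Method names, link labels and the lack of expiry timers are assumptions.
class ArmRouter:
    def __init__(self, cache_size=64):
        self.cache_size = max(1, cache_size)
        self.cache = {}          # seq -> payload, best-effort soft state
        self.nack_record = {}    # seq -> downstream links waiting for a repair
        self.repair_record = {}  # seq -> downstream links already repaired
        self.upstream_nacks = 0  # NACKs this router let through toward the source

    def on_data(self, seq, payload):
        """Cache a multicast data packet on its way downstream."""
        if seq not in self.cache and len(self.cache) >= self.cache_size:
            self.cache.pop(next(iter(self.cache)))    # evict the oldest entry
        self.cache[seq] = payload

    def on_nack(self, seq, link):
        """Handle a NACK arriving from downstream link `link`."""
        if link in self.repair_record.get(seq, ()):
            return ("suppress", seq)                  # repair already sent there
        if seq in self.cache:                         # local retransmission
            self.repair_record.setdefault(seq, set()).add(link)
            return ("repair", {link}, self.cache[seq])
        first = seq not in self.nack_record
        self.nack_record.setdefault(seq, set()).add(link)
        if first:
            self.upstream_nacks += 1
            return ("forward_nack", seq)              # one NACK per loss goes up
        return ("suppress", seq)                      # duplicates stop here

    def on_repair(self, seq, payload):
        """Handle a repair from upstream: send it only where it was requested."""
        links = self.nack_record.pop(seq, set())
        self.repair_record.setdefault(seq, set()).update(links)
        self.on_data(seq, payload)
        return ("repair", links, payload)
```

Three receivers losing the same packet cost the source one NACK and one repair; the router fans the repair out only to the links recorded in its NACK record.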

17
Active Network Architectures
  • Some architectures carry executable code, which
    is executable on the data of the packet that
    carries the code.
  • Others place code in the active nodes.
    Identifiers on the packets are used to decide
    which code is executed.

18
Active IP Option
  • Active Packets approach.
  • Extension to IP Options mechanism.
  • Options to carry program fragments in a variety
    of languages, and to query the languages
    supported.
  • Backward compatibility ensured since unknown
    options are silently ignored.
  • Implementation in TCL, to take advantage of the
    TCL interpreter's restricted execution
    environment.

19
ANTS
  • Active Nodes approach.
  • Network viewed as a distributed programming
    system. Packets travel as capsules carrying code.
  • Some code consists of well-known routines
    that reside at every active node.
  • The rest of the application-specific code is
    transferred by mobile code distribution
    techniques.

20
ANTS
  • Provides a flexible network service. Default
    forwarding. New protocols can also be introduced
    into the network.
  • Simultaneous use of a variety of network
    protocols
  • Construction and use of new protocols by mutual
    agreement among interested parties, rather than
    their centralized registration.
  • Dynamic deployment of these protocols.

21
Security
  • An active packet could not only consume many
    resources but also consume them at a faster rate.
  • Denial of service attacks may occur if there is
    no resource management.
  • SANE, a layered architecture proposed at
    University of Pennsylvania addresses these
    issues.
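
The resource-management point above, as an added example (not code from the presentation, and not how ANTS, SANE or PLAN implement it): a hypothetical active node that interprets each capsule under fixed CPU, memory and fan-out limits and drops any capsule that exceeds them. The opcodes, limits and sample capsules are constructed for illustration.

```python
# Added illustration: a hypothetical active node that meters every capsule.
# Opcodes, limits and names are assumptions, not taken from ANTS, SANE or PLAN.
from dataclasses import dataclass

class LimitExceeded(Exception):
    """A capsule tried to use more than its per-node allowance."""

@dataclass
class Node:
    max_steps: int = 200    # interpreted instructions per capsule
    max_cells: int = 16     # stack cells a capsule may hold
    max_emits: int = 4      # packets a capsule may send from this node
    dropped: int = 0

    def run(self, program, payload):
        """Interpret a capsule; return the packets it emits, or [] if dropped."""
        stack, out, pc, steps = [payload], [], 0, 0
        try:
            while pc < len(program):
                steps += 1
                if steps > self.max_steps:
                    raise LimitExceeded("cpu")
                op, arg = program[pc]
                pc += 1
                if op == "push":
                    stack.append(arg)
                elif op == "dup":
                    stack.append(stack[-1])
                elif op == "add":
                    stack.append(stack.pop() + stack.pop())
                elif op == "emit":
                    out.append(stack[-1])
                elif op == "jmp":
                    pc = arg
                else:
                    raise ValueError(f"unknown opcode {op!r}")
                if len(stack) > self.max_cells:
                    raise LimitExceeded("memory")
                if len(out) > self.max_emits:
                    raise LimitExceeded("fan-out")
        except (LimitExceeded, ValueError, IndexError, TypeError):
            self.dropped += 1
            return []       # fail closed: an over-limit capsule sends nothing
        return out

# Constructed sample capsules (not real traffic).
BENIGN = [("push", 1), ("add", None), ("emit", None)]
SPIN = [("jmp", 0)]                       # never terminates
FLOOD = [("emit", None), ("jmp", 0)]      # unbounded packet amplification
HOARD = [("dup", None), ("jmp", 0)]       # unbounded state growth
```

The three limits map to the three ways a capsule can exhaust a node: CPU time, stored state and outgoing bandwidth.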

22
Architecture of ANTS
  • The requirements for a flexible network
    layer are met by having:
  • Packets replaced by capsules, which dictate the
    processing to be performed on their behalf.
  • Selected routers replaced by active nodes, which
    provide an API for capsule processing and execute
    those routines safely.
  • A code distribution mechanism to enable active
    nodes to download code when needed.

23
SANE Architecture
  • A computer system is organized as a series of
    layers, each of which defines a virtual machine.
  • Higher levels trust the integrity of the lower
    layers.
  • Uses AEGIS, a secure bootstrap architecture, to
    cold-start the system.
  • Assumes a PKI for node-to-node
    authentication.
  • Uses a special programming language, PLAN, which
    is statically type checked and is pointer safe.

24
Current Work
  • SANE at University of Pennsylvania.
  • Georgia Tech: congestion control.
  • Bowman, an OS for active nodes.
  • ARM and active Router Architecture for
    Multicasting.

25
Conclusions
  • Definitely an exciting step in network design.
  • Can potentially solve many of the current
    problems in passive networks, with a wide
    application range.
  • Will increase the pace of innovation, through
    rapid deployment and testing of new research.
  • However, most of the current implementations
    haven't been deployed on a large-scale net.
  • Security requirements are enormous!