Before we start - PowerPoint PPT Presentation

Slides: 41
Provided by: Leg149

Transcript and Presenter's Notes


1
(No Transcript)
2
Before we start
Rather than designing and evaluating a solution
to a technical problem, the following paper
articulates a sweeping vision of a future
Internet that allows users to program network
elements.
It draws inspiration from mobile code and
component-based software engineering.
The GENI (Global Environment for Network Innovations)
facility envisioned by the U.S. National Science
Foundation has a similar notion of slice-level
programmability.
This paper has 825 citations and is widely used
in graduate networking courses.
The ACM SIGCOMM Computer Communications
group calls this an outstanding paper whose
contents are still a vibrant and useful
contribution today.
3
This presentation was inspired by D.
Wetherall's original work
4
(No Transcript)
5
Internet is evolving, but maybe it is a little
too slow?
Compared to the PC and the Web, the Internet is
evolving at a snail's pace.
Reason: the PC and the Web are programmable
→ anyone can deploy new services
6
Motivation
Technology push
Emergence of active technologies supporting the
encapsulation and safe execution of program
fragments
Extend these technologies for use within the
network in ways that will change the notion of
what is in the network
User pull
Ad hoc collection of firewalls, Web proxies,
multicast routers, mobile proxies that perform
user-driven computation at nodes within the
network.
Goal is to replace the numerous ad hoc approaches
with a generic capability that allows users to
program their networks
7
An aggressive vision
[Figure labels: Customer, Active Names, Active, ANTS, PLAN, Active Services, PAN, Click, IOS, Plugins, Manager, Flow, Packet]
8
An aggressive goal: let the users control their
packets
[Figure labels: Aleksandar: RED/ECN; Steve: PIM; Packets; Routers]
9
Lessons learnt from experience
  • User-level reference platform: 10,000
    lines, 100% Java, UDP overlay
  • Nodes build on Java protection
  • Publicly released since 1997:
    http://www.cs.washington.edu/research/networking/ants/
  • Used at MIT, Utah, TIS, TASC, SRI, UIUC, UCLA
  • ANTS2.0 is the latest release, led by Utah
10
Our encouragement comes from
  • Authorized application vendors can authenticate
    themselves and inject appropriate modules into it
    → Firewalls
  • Users can adapt video to fit their
    bandwidth/screen size depending on the available
    bandwidth link → Nomadic Router
  • Web caches can generate dynamic web pages
    → Web Proxies
  • Wireless base station can retransmit packets
    → Wireless
  • Allow users to see composite images constructed
    by fusing information obtained from a number of
    sensors → Sensor fusion
11
A new idea: let's improve the Internet by making
it programmable!
Main idea: users can insert code into the network
and run computations on the packet
12
Users can insert code into the Network and run
computations on the packet
Cisco OR Authorized Vendors OR End Users
13
Users can insert code into the Network and run
computations on the packet
Install program onto router
Packet carries the program
14
Users can Insert code into the Network and run
computations on the packet
Program/Function Name, Scripts, Binaries
[Figure labels: Packet, Reference, Code]
Reference is based on fingerprint
  • Efficient: MD5 is 128 bits, quick to compute
  • Prevents code spoofing: verify without trust
  • No need for standards body: distributed naming
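An added sketch (not from the slides or the ANTS code base) of the fingerprint-based reference described on this slide: the capsule carries only a hash of its code, and a node that fetches the code from the previous hop recomputes the hash before caching it. All class and function names are hypothetical, and SHA-256 is swapped in for the slide's MD5, whose collision resistance no longer holds.

```python
import hashlib


def fingerprint(code: bytes) -> bytes:
    """A program's name is the hash of its bytes: no naming authority needed."""
    return hashlib.sha256(code).digest()


class ActiveNode:
    """Hypothetical active node with a code cache keyed by fingerprint."""

    def __init__(self, name, upstream=None):
        self.name = name
        self.upstream = upstream  # previous hop, asked for code on a cache miss
        self.cache = {}           # fingerprint -> verified code bytes
        self.rejected = 0         # count of code blobs that failed verification

    def install(self, code: bytes) -> bytes:
        """Origin side: store the code and return the reference capsules carry."""
        fp = fingerprint(code)
        self.cache[fp] = code
        return fp

    def serve(self, fp: bytes):
        """Answer a code request from the next hop."""
        return self.cache.get(fp)

    def load(self, fp: bytes):
        """Resolve a capsule's reference to code, verifying before caching."""
        if fp in self.cache:
            return self.cache[fp]
        code = self.upstream.serve(fp) if self.upstream else None
        if code is None or fingerprint(code) != fp:
            self.rejected += 1    # mismatch: never cached, never executed
            return None
        self.cache[fp] = code
        return code


class SpoofingNode(ActiveNode):
    """Constructed misbehaving hop that answers every request with other code."""

    def serve(self, fp: bytes):
        return b"def forward(pkt): return 'substituted'"


def demo():
    program = b"def forward(pkt): return pkt"   # constructed sample capsule code
    origin = ActiveNode("origin")
    ref = origin.install(program)
    honest_path = ActiveNode("r1", upstream=origin)
    spoofed_path = ActiveNode("r2", upstream=SpoofingNode("bad-hop"))
    return honest_path.load(ref), spoofed_path.load(ref), spoofed_path.rejected
```

The receiving node needs no trust relationship with the hop that supplied the code; the reference alone decides whether the bytes are accepted.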
15
Users can insert code into the Network and run
computations on the packet
Special Active Nodes
Any router
16
Users can insert code into the Network and run
computations on the packet
Network → Routing
Transport → Packet Filtering
Application → Compression
17
Q: Can we deploy important services?
A: Yes. Well-suited to experimenting w/ protocol
variations (rather than computation pushed into
network). Exceptions: enforcing policy at a
point (firewalls) and resource control
(guaranteed service)
Q: Is performance a show-stopper? Model is more
expensive than IP
A: No. Very few extra steps over IP in common
case, and extra steps (demux, safe eval) known
to run fast
Q: Can untrusted users program the network?
A: Partly. This is difficult!
Program isolation: solved
Program starvation: not solved
18
Approaches to Active Networks
Discrete: Packets are sent normally but header
identifies additional function to operate on the
packet (possible to change it)
Integrated: Packets carry code with them, code
gets executed from node to node
Capsules → Packets that carry code (and maybe data)
19
Red Pill or Blue Pill? Err, it's not a pill but a
capsule!
  • Capsule arrives at an active node → contents
    are evaluated
  • Capsule contents are dispatched to a transient
    execution environment
  • If required, external methods can be invoked
  • May change the non-transient state of the node
  • Destroy transient environment when done
20
Beyond the capsule's transient environment
21
Capsule Programs: Mobility, Safety and Efficiency
  • Capsule Primitives
  • Limited set of primitive actions
  • Extended through the addition of external
    methods
  • Achieving portability/mobility
  • Express in a high-level language: Safe-TCL
  • Byte-coded virtual instruction set: Java
  • Platform-dependent binary format, arranging
    for each capsule to carry different binary
    encodings: traditional OS approaches

22
Capsule Programs: Mobility, Safety and Efficiency
Safe and Efficient Execution
  • Restrict the namespace of the capsule to the
    transient environment
  • Any capsule that accesses methods outside of
    that space must first authenticate itself
Available Technologies

| | Source Code | Intermediate Code | Platform dependent Binary Code |
| Example | Safe-TCL (High Level) | Java (Byte-code) | Traditional OS Approaches (Binary) |
| Advantages | Human Readable and simple programs can be composed quickly | Significant improvement in efficiency by off-loading some responsibility from the interpreter. | Directly executed by the underlying hardware creates a sandbox |
| Disadvantages | Overhead of source code interpretation and overall size of programs | Still an interpreted language | Requires a sophisticated compiler |
23
Capsule Programs: What's the right answer then?
[Figure labels: Portability, Flexibility, Mobility, Features; Tradeoffs; Cost, Complexity]
24
How would we achieve an Interoperable Programming
Model?
  • Traditional Approach
  • By standardizing the syntax and semantics of
    packet
  • Internet routers all support the agreed IP
    specifications
  • Not to be confused by dominance! Routers can
    still implement their own programs that are
    roughly equivalent
  • Active Networks Approach
  • Active networks can execute many different
    programs
  • Instead of syntax and semantic
    standardization, standardize the computational
    model (instruction set, available resources)

25
Interoperability: Resource Specification
System could be complex
Each capsule could leverage a wide range of
resources
Each of the resources should be named, have its
attributes specified and be carefully allocated.
26
Interoperability: Resource Specification - A
Spartan Approach
Link abstraction must encompass the units of
bandwidth allocation and take into account the
traffic patterns generated
27
Interoperability: Resource Specification - A
Spartan Approach
Easier to abstract. In most cases it is sufficient
to assign every capsule a default allocation that
protects against runaway computations.
28
Interoperability: Resource Specification - A
Spartan Approach
Addressed on two axes: the storage utilized
during specific intervals and the duration of
those intervals. Most capsules free storage
quickly; however, for those that don't, a garbage
collection mechanism can be implemented.
29
Interoperability: Resource Specification - A
Spartan Approach
Storage of components that outlive the execution
of individual capsules. For example, on-demand
loaded components.
30
Interoperability: Resource Specification - A
Spartan Approach
A mechanism for naming of logical resources
becomes necessary.
31
Interoperability: Resource Safety
  • Safe manipulation of node resources can be
    partitioned into three types of activities
  • Dynamic assignment
  • Dynamic resource allocation
  • Validation
  • Authenticate the capsule source, authorize and
    check for tampering (achieved through cryptography)
  • Delegation
  • Delegation of authorization

32
From Internet to ActiveNet
  • An effort of the research community to deploy a
    wide area ActiveNet
  • Issues that will be faced are the same as in the
    design of the current Internet
  • At first ActiveNet will adopt the technologies of
    the old Internet.
  • Also new algorithms that will leverage the new
    pool of active nodes.

33
Architectural Considerations
  • Traditional network architectures separate the
    upper (end-to-end layers) from the lower
    (hop-by-hop layers).
  • Network layer bridges in between.
  • Active networks challenge this model.
  • Computations performed in the network can be user
    and application specific and user data is
    accessible to them

34
Architectural Considerations - FAQ
  • How is interoperability achieved?
  • In old Internet, nodes perform equivalent
    computations on the packets flowing through them.
  • Active networks are capable of performing many
    different computations. Here the consensus is in
    the program encoding and computation environment
  • Isn't the trend to have less functionality in the
    network?
  • Actually it has been towards increasing
    computation

35
Architectural Considerations - FAQ
  • What's the impact on the layered reference model?
  • The OSI model has proven useful but it shows
    cracks.
  • Services at or below the network layer are
    presumed to be user and application neutral.
  • It deals poorly with upper layer services that
    are physically interposed between endpoints
  • Doesn't model the recursion that occurs at the
    network layer (tunnelling of networks).
  • Upper layers are of diminished importance.
  • Already ongoing research about changes to the OSI
    model.

36
Architectural Considerations - FAQ
  • What about the end-to-end argument?
  • Designer objective should be to have an
    acceptable level of reliability in the lower
    layers that does not trigger excessive
    intervention by the end-to-end mechanism.
  • Active networks actually allow this guideline to
    be followed more accurately by allowing
    applications to partition functionality between
    end points and intermediaries.
  • Why hasn't this been done before? Why try now?
  • Mainly because the technologies required have
    evolved to a certain point (e.g. code mobility).

37
Current Work
  • SANE at University of Pennsylvania.
  • Georgia Tech: congestion control.
  • Bowman: an OS for Active Nodes.
  • ARM: an Active Router Architecture for
    Multicasting.

38
Conclusion: Well, not exactly!
  • Definitely an exciting step in network design.
  • Can potentially solve many of the current
    problems in passive networks, with a wide
    application range.
  • Will increase the pace of innovation, through
    rapid deployment and testing of new research.
  • However, most of the current implementations
    haven't been deployed on a large-scale net.
  • Security requirements are enormous and we're
    still working on it!

39
Onto the Attacking Team
40
Measured Performance From the internal files!