* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download David
Network tap wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Deep packet inspection wikipedia , lookup
Computer network wikipedia , lookup
Distributed firewall wikipedia , lookup
Internet protocol suite wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Routing in delay-tolerant networking wikipedia , lookup
Airborne Networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Active Networks Introduction (What and Why) Active Network Design (How) Applications Experience Preemptive Defense David Choffnes, Spring 2005 CS-495 Advanced Networking Traditional Networks Header causes one of small sets of operations to be performed Data is forwarded/dropped according to those rules Header Data CS-495 Advanced Networking Trailer 2 Active Networks Switches/routers perform small set of ops on packets Users can inject programs into the network – User/application specific processing CS-495 Advanced Networking 3 Capsules Code + data Code Data Similar to Postscript for printing CS-495 Advanced Networking 4 Motivations User Pull – Automatically adaptive streaming – Data aggregation – Placing computation closer to user reduces latency Industry push – Ad-hoc collection of firewalls, Web proxies, multicast routers, mobile proxies, video gateways, etc. – Replace app-specific hardware with generic, multipurpose active nodes. – If we are not careful, the network may be “activated” without providing a systematic way of upgrading services across the Internet. CS-495 Advanced Networking 5 Main high-level advantages Adaptivity, leading to support for richer interactions than fixed protocols Targeting of operations at specific locations within the network Faster deployment of new services CS-495 Advanced Networking 6 Biggest AN challenges Safety, security and resource allocation Efficiency CS-495 Advanced Networking 7 AN Overview Approaches – Discrete – Integrated CS-495 Advanced Networking 8 Discrete Active Networking Processing of messages and injecting programs into network are distinct Essentially programmable routers Impl: program ID much like protocol ID CS-495 Advanced Networking 9 Integrated Active Networking Capsules carry both data and programs (every message is a program) Transient and non-transient environment Programs may: – modify capsule – have access to external API – modify the transient and parts of non-transient environment (e.g., routing table) – schedule zero or more packets for transmission CS-495 Advanced Networking 10 Active Networks in Action CS-495 Advanced Networking 11 Programming with Capsules Foundation Components Active Storage Extensibility Interoperable Programming Model CS-495 Advanced Networking 12 Foundation Components Serves as the API of the network Provides access to node-specific info and services (e.g., link state info, average Qing delay, types of programs supported) CS-495 Advanced Networking 13 Active Storage (Non-transient) Allows “soft” flows: flow states that are caches and may be disposed of if necessary Aggregation Pruning of multicast trees Network management functions (e.g., SNMP) CS-495 Advanced Networking 14 Extensibility Reduces size of programs in capsules Enables demand-loading/caching of programs CS-495 Advanced Networking 15 Interoperable Programming Model Must enable safe, efficient operation of mobile code Traditional packet networks do this by standardizing syntax and semantics of packets For AN, standardize the computation model – Instruction set – Available resources – Resource safety CS-495 Advanced Networking 16 Interoperable Programming Model (Instruction Set) Primitives: interpreted source, intermediate language, binary (spectrum of safety vs. efficiency and portability) For safety/protection, namespace of capsule is restricted to transient environment. Java-like bytecode is preferred Any number of tricks to improve performance… optimistically use source-code rep, encode multiple formats, convert to binary adaptively, demand loading (see page 12) For portability, allow multiple models to compete, AN will support the best ones. (Common in the industry) CS-495 Advanced Networking 17 Interoperable Programming Model (Available resources) interoperability and resource management – requires a shared view of what resources are and how they are named Simple set of resources: BW, CPU, RAM – CPU: default allocation or trade BW for cycles – Transient storage: bound allocation for each packet, allow period garbage collection – Active Storage: soft state subject to rules of any cache Logical resources: topology discovery, routing and network management – must have some standard class specification CS-495 Advanced Networking 18 Interoperable Programming Model (Resource Safety) Requires authentication, delegation of authorization Big open problem CS-495 Advanced Networking 19 Applications Routing – Capsules can dynamically enumerate and evaluate paths at each node Aggregation Multicasting Caching dynamic Web content (not as good for DBrelated stuff) Mobile computing  context aware networking – Allows for adaptive bandwidth controls (e.g., automatic caching and compression at bottlenecks, TCP snooping to improve TCP performance) CS-495 Advanced Networking 20 Experience Caching programs and demand-loading them to reduce capsule size Foundation Components can implement existing Internet functions to ease transition. ANTS CS-495 Advanced Networking 21 Experience: ANTS Capsule code tends to be “glue” for composing capabilities exposed by Active Nodes Small set of ops: query node environment, manipulate soft store, route capsules toward other nodes Biggest drawback: code must be signed by authority to ensure safe code – Even with central authority, Internet can evolve much faster with ANTS – Can devote small %age of node resources to uncertified packets for experimentation No “killer app” because the best part of this is extensibility. Any killer app would be built into the base system Breaking the cycle of requiring backward compatibility. CS-495 Advanced Networking 22 Preemptive Defense Leon smells funny. CS-495 Advanced Networking 23 Active Networks are too slow and are not scalable. Processing power is cheap and always increasing in speed Recent trends in processing architecture (multi-core, highly parallel) is perfect for this environment. Storage is cheap and ANs are not required to maintain reliable storage. Due to AN architecture, AN performance can scale linearly with processing and storage capacity. CS-495 Advanced Networking 24 Modifying non-transient state is inherently unsafe and therefore we should not allow it. Existing Internet infrastructure allows packets to cause state to modified (e.g., ARP, Linkstate and DV routing algos, SNMP) CS-495 Advanced Networking 25 Bah! How are you going to achieve interoperability? Hourglass approach. Same guiding principles of IP networks CS-495 Advanced Networking 26 What about trends toward less functionality in the network? There is no such trend. The “intelligence” has moved toward the edges, but there is still a great deal of computation in the network (e.g., firewalls, routers, proxies, caches). CS-495 Advanced Networking 27 I’m an OSI fanatic. How will this impact the OSI Reference Model poster taped to the ceiling above my bed? ANs will preempt the layered model and replace it with a component model. This type of transition is nothing new and has been ubiquitously performed in operating systems. The OSI model sounded great, but had plenty of problems when applied to real-world networking. CS-495 Advanced Networking 28 Doesn’t this violate the end-to-end argument? The end-to-end argument focuses on reliability Teaches us that designers should not “overengineer” intermediaries.  Concerns the placement of functions in a network, not whether the functions can be applicationspecific.  ANs still allow the end user to select levels of service and allow users to partition functionality between end systems and intermediaries. CS-495 Advanced Networking 29 Active networks will always be susceptible to devastating attacks. The current Internet is far from secure from such attacks. If you already deal with DoS attacks in the current Internet, why are you afraid of challenges in AN security? CS-495 Advanced Networking 30 This idea was proposed almost a decade ago and all you have to show for it are some research systems. Are you suggesting I buy stock in cold fusion, too? Although cold fusion may someday become reality, Federal law prohibits me from providing investment advice without having passed the Series 7. Absence of a widespread implementation does not negate the potential utility of the proposed concept. CS-495 Advanced Networking 31 This idea was proposed almost a decade ago and all you have to show for it are some research systems. Are you suggesting I buy stock in cold fusion, too? Industry is resistant to change. Biggest challenge is the wide-scale implementation and availability of safe and efficient code mobility. CS-495 Advanced Networking 32 Well, that’s one heck of a challenge—one with few good answers and no complete solutions. Tell me something that will make me believe that ANs will ever be deployed. Only impediment to ANs is security, a ubiquitous problem Similar problems already exist in the current infrastructure will never go away This barrier to adoption will erode much like the shores of California: quickly in the midst of a cataclysmic event. Soon we will run out of IPv4 addresses, and tricks like NAT will not last long. At some point, most of the existing Internet infrastructure will have to be uprooted. Why not begin the move to ANs then? CS-495 Advanced Networking 33
 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                            