100x100 Panel on Management and Security

Slides: 7
Provided by: albe112

Transcript and Presenter's Notes

1
100x100 Panel on Management and Security
  • Albert Greenberg
  • AT&T Labs-Research

2
What Should The Network Look Like To Customers
  • assumption: customers = consumers and businesses
  • different reliability, security and performance
    expectations for different market segments
  • even if the focus of this project is on one
    segment, many network providers will look to gain
    economic value from multiple segments
  • competing 100x100 networks and network components
  • multihoming to businesses and many institutions
    of some size
  • across network PoPs providers access and VPN
    technologies
  • commodity market mechanisms making switching
    easier
  • customer edge router/switch/firewall (bump in
    the cord on the uplink(s) or software agents)
  • accommodating wide range of networked endpoints,
    using the dominant consumer interfaces (Ethernet,
    WiFi)
  • access to VPNs, storage, the big Internet,
    applications such as voice

3
Applications (Generalizing)
  • Data Access Apps
    • traditional: web, p2p
    • non-traditional: distributed storage,
      utility-computing
    • high BW needs, (increasingly) low latency
      expectations
  • Near-Real-Time Apps
    • traditional: voice, conferencing, messaging
    • non-traditional: gaming
    • low BW needs, high sensitivity to loss and delay
  • What it means to Network Design and Engineering
    • target one robust design for both types of
      applications

4
What Should The Network Look Like To Providers
Boxes and Connectivity
  • network endpoints
    • inside the customer: large, diverse networked
      endpoints (hw and sw) and apps, speaking IP over
      a few dominant access technologies
    • mostly out of our control, as it should be?
  • customer router/switch/firewall
    • gateway or bump in the uplink(s)
    • supporting tunnels (pseudowire, IPsec), a simple
      mechanism for protecting the class of performance
      sensitive traffic
    • able to support some network-wide, VPN-specific,
      customer-specific policy enforcement
    • homing to multiple IP/Optical/Wireless access
      networks, access routers
    • interesting design point: dead simple,
      autoconfigurable, ultra-reliable box
  • provider access router
    • access to VPNs, storage, services (voice etc),
      big Internet
    • interesting design point: this is where complex
      customer-specific granularity policy is applied,
      services like transcoding, network-level
      multicast, voice, etc
  • core routers
    • multihoming to other cores and access networks
    • interesting design point: big, reliable, low
      functionality (5 nines engineering)
  • on top
    • servers, almost all services you might think of,
      authentication, DNS, directories

5
This Was The Easy Part
  • We can slam this much together today, but the
    state of the art is pathetic.

6
On the State of the Art
  • IP components highly unreliable
    • conventional optical protection of limited
      utility in core
    • interesting design point: IP/Optical integration
      in access, in PoP less electronics
  • IP control plane has nonlinear characteristics
    • small perturbations → huge impact, slow
      re-convergence
    • interesting design point: new IP control plane
      (no, not thinking of MPLS)
  • IP measurements nowhere near adequate
    • lacking ubiquitous, granular measurement of data
      and control planes
    • interesting design point: sampling at customer
      and access routers
  • IP configuration management and automation a
    black art
    • highest source of errors and outages
    • interesting design point: managing network as a
      whole, instead of box by box
  • IP anomaly detection and mitigation mechanisms
    are noisy
    • with both data overload (data data everywhere and
      not a thought to think), and under-load (missing
      causality information)
    • interesting design point: integration of data
      across multiple measurement locations
  • IP trust and security models nowhere near
    adequate
    • limited policy control; worms and viruses with
      very little to break or impede spread at
      exponential rate
    • interesting design point: network-wide traffic
      baselining and anomaly detection; security in the
      control plane