Active Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Active Networks

Description:

Active Networks Introduction (What and Why) Active Network Design (How) Applications Experience Preemptive Defense – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 34
Provided by: Fabia170
Category:
Tags: active | model | networks

less

Transcript and Presenter's Notes

Title: Active Networks


1
Active Networks
  • Introduction (What and Why)
  • Active Network Design (How)
  • Applications
  • Experience
  • Preemptive Defense

2
Traditional Networks
  • Header causes one of small sets of operations to
    be performed
  • Data is forwarded/dropped according to those
    rules

Header
Data
Trailer
3
Active Networks
  • Switches/routers perform small set of ops on
    packets
  • Users can inject programs into the network
  • User/application specific processing

4
Capsules
  • Code data
  • Similar to Postscript for printing

Code
Data
5
Motivations
  • User Pull
  • Automatically adaptive streaming
  • Data aggregation
  • Placing computation closer to user reduces
    latency
  • Industry push
  • Ad-hoc collection of firewalls, Web proxies,
    multicast routers, mobile proxies, video
    gateways, etc.
  • Replace app-specific hardware with generic,
    multipurpose active nodes.
  • If we are not careful, the network may be
    activated without providing a systematic way of
    upgrading services across the Internet.

6
Main high-level advantages
  • Adaptivity, leading to support for richer
    interactions than fixed protocols
  • Targeting of operations at specific locations
    within the network
  • Faster deployment of new services

7
Biggest AN challenges
  • Safety, security and resource allocation
  • Efficiency

8
AN Overview
  • Approaches
  • Discrete
  • Integrated

9
Discrete Active Networking
  • Processing of messages and injecting programs
    into network are distinct
  • Essentially programmable routers
  • Impl program ID much like protocol ID

10
Integrated Active Networking
  • Capsules carry both data and programs (every
    message is a program)
  • Transient and non-transient environment
  • Programs may
  • modify capsule
  • have access to external API
  • modify the transient and parts of non-transient
    environment (e.g., routing table)
  • schedule zero or more packets for transmission

11
Active Networks in Action
12
Programming with Capsules
  • Foundation Components
  • Active Storage
  • Extensibility
  • Interoperable Programming Model

13
Foundation Components
  • Serves as the API of the network
  • Provides access to node-specific info and
    services (e.g., link state info, average Qing
    delay, types of programs supported)

14
Active Storage (Non-transient)
  • Allows soft flows flow states that are caches
    and may be disposed of if necessary
  • Aggregation
  • Pruning of multicast trees
  • Network management functions (e.g., SNMP)

15
Extensibility
  • Reduces size of programs in capsules
  • Enables demand-loading/caching of programs

16
Interoperable Programming Model
  • Must enable safe, efficient operation of mobile
    code
  • Traditional packet networks do this by
    standardizing syntax and semantics of packets
  • For AN, standardize the computation model
  • Instruction set
  • Available resources
  • Resource safety

17
Interoperable Programming Model(Instruction Set)
  • Primitives interpreted source, intermediate
    language, binary (spectrum of safety vs.
    efficiency and portability)
  • For safety/protection, namespace of capsule is
    restricted to transient environment.
  • Java-like bytecode is preferred
  • Any number of tricks to improve performance
    optimistically use source-code rep, encode
    multiple formats, convert to binary adaptively,
    demand loading (see page 12)
  • For portability, allow multiple models to
    compete, AN will support the best ones. (Common
    in the industry)

18
Interoperable Programming Model(Available
resources)
  • interoperability and resource management
  • requires a shared view of what resources are and
    how they are named
  • Simple set of resources BW, CPU, RAM
  • CPU default allocation or trade BW for cycles
  • Transient storage bound allocation for each
    packet, allow period garbage collection
  • Active Storage soft state subject to rules of
    any cache
  • Logical resources topology discovery, routing
    and network management must have some standard
    class specification

19
Interoperable Programming Model(Resource Safety)
  • Requires authentication, delegation of
    authorization
  • Big open problem

20
Applications
  • Routing
  • Capsules can dynamically enumerate and evaluate
    paths at each node
  • Aggregation
  • Multicasting
  • Caching dynamic Web content (not as good for
    DB-related stuff)
  • Mobile computing ? context aware networking
  • Allows for adaptive bandwidth controls (e.g.,
    automatic caching and compression at bottlenecks,
    TCP snooping to improve TCP performance)

21
Experience
  • Caching programs and demand-loading them to
    reduce capsule size
  • Foundation Components can implement existing
    Internet functions to ease transition.
  • ANTS

22
Experience ANTS
  • Capsule code tends to be glue for composing
    capabilities exposed by Active Nodes
  • Small set of ops query node environment,
    manipulate soft store, route capsules toward
    other nodes
  • Biggest drawback code must be signed by
    authority to ensure safe code
  • Even with central authority, Internet can evolve
    much faster with ANTS
  • Can devote small age of node resources to
    uncertified packets for experimentation
  • No killer app because the best part of this is
    extensibility. Any killer app would be built into
    the base system
  • Breaking the cycle of requiring backward
    compatibility.

23
Preemptive Defense
  • Leon smells funny.

24
Active Networks are too slow and are not
scalable.
  • Processing power is cheap and always increasing
    in speed
  • Recent trends in processing architecture
    (multi-core, highly parallel) is perfect for this
    environment.
  • Storage is cheap and ANs are not required to
    maintain reliable storage.
  • Due to AN architecture, AN performance can scale
    linearly with processing and storage capacity.

25
Modifying non-transient state is inherently
unsafe and therefore we should not allow it.
  • Existing Internet infrastructure allows packets
    to cause state to modified (e.g., ARP, Link-state
    and DV routing algos, SNMP)

26
Bah! How are you going to achieve
interoperability?
  • Hourglass approach.
  • Same guiding principles of IP networks

27
What about trends toward less functionality in
the network?
  • There is no such trend. The intelligence has
    moved toward the edges, but there is still a
    great deal of computation in the network (e.g.,
    firewalls, routers, proxies, caches).

28
Im an OSI fanatic. How will this impact the OSI
Reference Model poster taped to the ceiling above
my bed?
  • ANs will preempt the layered model and replace it
    with a component model.
  • This type of transition is nothing new and has
    been ubiquitously performed in operating systems.
  • The OSI model sounded great, but had plenty of
    problems when applied to real-world networking.

29
Doesnt this violate the end-to-end argument?
  • The end-to-end argument focuses on reliability
  • Teaches us that designers should not
    over-engineer intermediaries.
  • Concerns the placement of functions in a network,
    not whether the functions can be
    application-specific.
  • ANs still allow the end user to select levels of
    service and allow users to partition
    functionality between end systems and
    intermediaries.

30
Active networks will always be susceptible to
devastating attacks.
  • The current Internet is far from secure from such
    attacks.
  • If you already deal with DoS attacks in the
    current Internet, why are you afraid of
    challenges in AN security?

31
This idea was proposed almost a decade ago and
all you have to show for it are some research
systems. Are you suggesting I buy stock in cold
fusion, too?
  • Although cold fusion may someday become reality,
    Federal law prohibits me from providing
    investment advice without having passed the
    Series 7.
  • Absence of a widespread implementation does not
    negate the potential utility of the proposed
    concept.

32
This idea was proposed almost a decade ago and
all you have to show for it are some research
systems. Are you suggesting I buy stock in cold
fusion, too?
  • Industry is resistant to change.
  • Biggest challenge is the wide-scale
    implementation and availability of safe and
    efficient code mobility.

33
Well, thats one heck of a challengeone with few
good answers and no complete solutions. Tell me
something that will make me believe that ANs will
ever be deployed.
  • Only impediment to ANs is security, a ubiquitous
    problem
  • Similar problems already exist in the current
    infrastructure will never go away
  • This barrier to adoption will erode much like the
    shores of California quickly in the midst of a
    cataclysmic event.
  • Soon we will run out of IPv4 addresses, and
    tricks like NAT will not last long. At some
    point, most of the existing Internet
    infrastructure will have to be uprooted. Why not
    begin the move to ANs then?
Write a Comment
User Comments (0)
About PowerShow.com