SAHARA and OASIS Overviews
NTT MCL Visit
November 6, 2003
Randy H. Katz
Computer Science Division
Electrical Engineering and Computer Science Department
University of California, Berkeley
Berkeley, CA 94720-1776

Presentation Outline
1000-1030 Overview of Sahara and Oasis Projects, Randy
1030-1050 Authenticated Roaming in Hot Spot Networks, Ana
1050-1110 BGP Health Monitoring, Matt
1110-1130 RouteVM: A Framework for Programming Programmable Network Elements, Mel
1130-1145 Programmable Network Testbed, George
1145-1200 iSCSI Performance Experiments, Li

The SAHARA Project
Service Architecture for Heterogeneous Access, Resources, and Applications

New Opportunity: Services-Enabled Network
• New things you can do inside the network
• Connecting end-points to “services” with processing embedded in the network fabric
• “Agents” not protocols, executing inside the network
• Location-aware, data format aware
• Controlled violation of layering
• Distributed architecture aware of network topology
• No single technical architecture likely to dominate: interworking plus overlays

SAHARA “Elevator” Statement
• Problem
  – Achieving end-to-end services with desirable, predictable, enforceable properties spanning potentially distrusting service providers
• Approach
  – Service composition and inter-operation across separate admin domains, supporting peering and brokering, and diverse business, value-exchange, access-control models
• Current Focus
  – Interdomain routing, overlay networks, p2p algorithms
  – Interoperator WLAN roaming and authentication
• Potential Impact
  – Effective way to more rapidly extend and deploy enhanced network functionality

Layered Reference Model for Service Composition
[Figure: layered reference model. Labels: Connectivity Plane; Application Plane; IP Network; Enhanced Links (Intra-domain); Enhanced Paths (Inter-domain); End-to-End Network With Desirable Properties; Middleware Services; Applications Services; End-User Applications; Service Composition; Overlay Network “Links”]

Routing as a Composed Service
• Routing as a Reachability “Service”
  – Paths between composed service instances: “links” within an overlay network
  – Multi-provider environment, no centralized control
• Desirable Enhanced Properties
  – Context Awareness: discovery/exploitation of net relationships
  – Agility: converge quickly in response to global changes to retain good reachability “performance”
  – Trust: verify believability of routing advertisements
  – Performance: “guaranteed” bandwidth and latency
  – Reliability: detect service composition path failures quickly to enable fast recomposition to maintain E2E service
  – Scalability and Interoperability: Adapt protocols via processing between admin domains

Recent Progress
• Inter-WLAN Roaming and Authentication (Ana)
• BGP Control Plane
• Verifiable BGP: Listen and Whisper
• Root Cause Analysis of Routing Failures (Matt)
• Detection of Shared Points of Congestion
• Etiquette for Overlay Networks
• Fast Recovery for P2P Networks

The OASIS Project
Overlays and Active Services for Internetworked Storage

New Opportunity: “The NETWORK is the Computer”
• Rise of Programmable Network Elements
  – First Gen Network Appliances, Directors
  – Storage Virtualizers, Intrusion Detectors, Traffic Shapers, Server Load Balancers, MIE accountants
  – Next Gen: Third Party Programmable beyond rules
• Needed: Generalized PNE programming and control model
  – Generalized “virtual machine” model for this class of devices
  – Retargetable for different underlying implementations
• Applications of Interest
  – Network Services: L7 switching, firewalls, intrusion and infected machine detection, storage virtualization, network monitoring and management, etc.
  – Particular focus: network storage, iSCSI support

Proliferation of Network Appliances
• Packeteer PacketShaper: Traffic monitor and shaper
• Network Appliance NetCache: Localized content delivery platform
• F5 Networks BIG-IP LoadBalancer: Web server load balancer
• Ingrian i225: SSL offload appliance
• Cisco SN 5420: IP-SAN storage gateway
• NetScreen 500: Firewall and VPN
• Extreme Networks SummitPx1: L2-L7 application switch
• Nortel Alteon Switched Firewall: CheckPoint firewall and L7 switch
• Cisco IDS 4250-XL: Intrusion detection system
In-the-Network Processing: the NETWORK is the Computer

OASIS “Elevator” Statement
• Problem
  – Common programming/control environment for diverse network elements to realize full power of “inside the network” services and applications
• Approach
  – Software toolkit and VM architecture for PNEs, with retargetable optimized backend for diverse appliance-specific architectures
• Current Focus
  – Network health monitoring, protocol interworking and packet translation services, iSCSI processing and performance enhancement, intrusion and worm detection and quarantining
• Potential Impact
  – Open framework for multi-platform appliances, enabling third party service development
  – Provable application properties and invariants; avoidance of configuration and “latest patch not installed” errors

Generic PNE Architecture
[Figure: generic PNE block diagram. Labels: Input Ports; Output Ports; Buffers; Classification Processor (CP); Action Processor (AP); Tag Mem; Rules & Programs; Interconnection Fabric]

OASIS Testbed
• Current Testbed
  – Alteon Filter Programmable Level 7 Switches
    » Next generation significantly more third party programmable
  – 2 x Enterprise Class Routers
  – (Many) pizza box PCs
• In discussion
  – Nortel + IBM on Blade Center Storage Servers for UDCs
  – Cisco IOS Next Generation (ION) Programmable Packet Filters

Recent Progress
• RouteVM PNE Specification (Mel)
• Oasis Testbed Development (George)
• iSCSI Storage Experiments (Li)
• Intrusion Detection Case Study

Reliable Adaptive Distributed Systems
Fox, Jordan, Katz, Necula, Patterson, Stoica, Tygar
[Figure: system overview. Labels: Programming Abstractions For Roll-back; Crash-Oriented Svrcs; Observation Infrastructure for System SLT; Observation Infrastructure for network SLT; Verifiable Protocols; Fast Detection & Route Recovery; Commodity Internet; “Reactive Systems”: Observe, Classify, Learn, Act; User; Operator; Client; Server; Distributed Middleware; SLT Services; Observation & Control; PNE; Overlay Network; Router; IP Network; Internet]

SAHARA and OASIS
Randy H. Katz
Thank You!