Download Clean Slate Design for the Internet

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
Document related concepts

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Deep packet inspection wikipedia , lookup

Net bias wikipedia , lookup

Computer network wikipedia , lookup

Computer security wikipedia , lookup

Network tap wikipedia , lookup

Wireless security wikipedia , lookup

Airborne Networking wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 
Issues in Future Internet Design
Nick McKeown
Stanford University
Broadnets, October 4, 2006
The Stanford
Clean Slate Program
http://cleanslate.stanford.edu
100x100 Clean Slate Program
http://100x100network.org
We have lost our way









The simple default-on end-to-end network is long-gone.
It is hard to reliably identify users, to stop them from
causing harm, and hold them accountable.
It is hard to support mobile users and data.
We are not enjoying the efficiencies of a lightweight,
statistically shared infrastructure.
There are still many things we’d be frightened to do: e.g.
air-traffic control, telesurgery.
The network is unreliable.
We are tweaking.
The research community has a lot to answer for: we’ve
been stuck in incrementalism and backward compatibility.
There is change afoot … NSF FIND and GENI.
A Future Internet
Robust and available
 Inherently secure
 Support mobile end-hosts
 Economically viable and profitable
 Evolvable
 Predictable
 Anonymity where prudent …
 …accountability where necessary
 Improving the lot of the user

The list is simple, but getting there is not at all obvious.
Was: Non-issues
Became: What not to attempt
 Don’t
base research on guesses of what
the applications will be: All previous
attempts failed
 Ditto
for physical layers
 Expect
rampant and unpredictable
innovation in both
Chronology

2005: A sea-change in the networking research
community
–
–
–
–

Prompted by NSF
100x100 Clean Slate Program
NSF FIND: Funding for architectural ideas
NSF GENI: Creating a platform for experimenting with
new architectures, services and technologies
2006: A large community-wide effort
– GENI planning process
– Programs starting in Europe and Asia
100x100 Clean Slate program:
How we are proceeding
 Clean
Slate Approach
 Leverage Network Structure
 Holistic Design
Stanford Clean Slate Program:
How we are proceeding

Bring together a broad set
of experts from different
disciplines.

Create new research
programs in five areas.

Include theory, architecture,
and demonstration.
The Stanford Clean Slate Program

Create a breeding ground for new
collaborative projects across boundaries

Projects that will have significant impact in
10-15 years
Exploit Stanford’s breadth and depth
 Work closely with a focused group of
committed industrial partners

Projects underway
Projects
1.
Clean-slate approaches to security for private and public networks
Boneh, Mazieres, McKeown, Rosenblum
2.
How to incorporate high capacity optics in the network core?
Kazovsky, McKeown
3.
Theory: Flow-level models and scaleable queueing theory
Prabhakar, Saberi
4.
Wireless & Economics: Cooperation and Competition in Wideband
Wireless Resource Allocation
Goldsmith, Johari
Other Stanford Clean Slate projects
1.
2.
3.
Clean Slate design of predictable, resilient backbone networks
Clean Slate congestion control to minimize download time
Programmable nationwide backbone network
An Illustrative Example:
Clean Slate Approach to Security for
Enterprise/Private Networks



Centrally administered
Network security is important
Someone has a security policy in their
head or on paper
Problem
“Default-on” communication model
 Access control filters (ACLs) implemented in
every router/firewall to determine which flows
are allowed (based on <src IP, dst IP, src Port,
dst Port, Protocol> tuple)

– Often misconfigured or incomplete
– When paths change, easily circumvented
Access control tied to packets, not services,
users, end-hosts
 Therefore: fragile; “choke points”; hard to tell if
security policy is implemented correctly.

Approach
“Default-off” Communication
 To communicate:

–
–
–
–
–
–

User authenticates with network,
Asks for permission to communicate
Network compares request against security policy
If allowed, install state in network for this dialog
Route controlled by security policy
Permission not checked against policy for each
packet
Topology opaque
Ethane
Prototype to test/use SANE ideas
 Interoperates with unmodified clients
 Ethernet version of SANE
 Based on custom “Domain Controller”
and custom Ethernet switches

Related documents
p_19_cancer_Layout 1 - Traditional Roofing Magazine
p_19_cancer_Layout 1 - Traditional Roofing Magazine
The Blank Slate The Modern Denial of Human Nature
The Blank Slate The Modern Denial of Human Nature
74 TALCOIJS SLATE-PRIMARY LIMESTONE. Gneiss and` mica
74 TALCOIJS SLATE-PRIMARY LIMESTONE. Gneiss and` mica
The Blank Slate
The Blank Slate
Proposed System Architecture - BMI 205
Proposed System Architecture - BMI 205
Clean Slate
Clean Slate
Stanford + Connects 16 x 9 PowerPoint template
Stanford + Connects 16 x 9 PowerPoint template
Healthcare Subcomm.
Healthcare Subcomm.
Distributed Cognition
Distributed Cognition
STANFORD UNIVERSITY Department of Chemical Engineering
STANFORD UNIVERSITY Department of Chemical Engineering
Metabolomics Complexity in Forest Trees Expected from Inron
Metabolomics Complexity in Forest Trees Expected from Inron
Clean Slate Design for the Internet
Clean Slate Design for the Internet