Active Networks: Applications, Security, Safety and Architectures
Author: Konstantinos Psounis, Stanford University
Presenter: Sanjay Agrawal, Purdue University
Department of Computer Science, Purdue University
Nov 15, 2000

Passive and Active Networks
• Passive: consists of smart hosts at the edges of the network performing computations up to the application layer; the routers interconnecting them can only perform computations up to the network layer.
• Active: allows intermediate routers to perform computations up to the application layer. Users can program the network by injecting programs into it.

Networks, Passive and Active
• Passive networks: processing limited to routing, congestion control and QoS schemes.
• Problems:
1. Difficulty of integrating new technologies.
2. No support for applications that require computation within the network.
3. Poor performance due to redundant operations.

Need for Active Networks
• Need an ability to program the networks.
• Networks should be able to do computations on user data.
• Users can supply the programs to perform these computations.

Arguments for and against AN
• Against:
– The Internet is successful because of its simplicity.
• For:
– Need.
– Will increase the pace of innovation.
– Mobile code technology enables it.
– End-to-end performance of applications will improve.

End to End Argument
• A function or service should be placed in the network only if it can be implemented there cost-effectively.
• The idea of AN is compatible with this argument.
• Some services can best be supported using information available inside the network.

Online Auctions
• The price information from the server may not be up to date, causing a client to submit a low bid.
• So the auction server will receive bids that are too low and must be rejected.
• In an AN such low bids can be filtered out in the network, before reaching the server.
• At heavy load, the server activates filters in nearby nodes, updating them with the current price periodically.
• Frees server resources for processing competitive bids and reduces network utilization at the server.

Performance
• Improvement brought about by delegating some of the application's functionality to internal network nodes.
• Normal traffic could in fact benefit from active processing, which will reduce bandwidth utilization in some regions of the network.
• Doing work within the network reduces the total amount of work done by the application.

Performance
• We need application performance rather than network performance; the two are not correlated.
• AN may cause fewer packets to be sent, with longer per-hop latencies because of increased computation and storage.
• Still, overall application performance will improve, because of reduced demand for bandwidth at the endpoints.

Applications
• Active Networks can be beneficial for a variety of applications:
– Network management
– Congestion control
– Multicasting
– Caching

Congestion Control
• Prime candidate for active networking.
• A special case of network management.
• It is an intra-network event, hence solutions to it should be far removed from the application.
• Congestion information is delayed in propagating to the user.

AN and Congestion
• An active node can monitor the available bandwidth and control the data flow rate accordingly.
• Probe packets can gather congestion information as they travel, and monitor packets can use that information to identify the onset of congestion and regulate the flow accordingly.
• Applications can produce congestion control data according to the situation if they are aware of it, e.g. selective dropping.

Experimental Technologies
• The network defines a finite set of functions which can be performed at a node on the active packets.
• Header information in each packet, called the APCI, specifies the function.
• Packets are processed according to the APCI, and the header is recomputed if the function transforms the data.
• Tested using a Unit Level Dropping function.

Experimental Technologies (contd.)
• The model is conservative, since no executable code travels in the packets. However, it is a step towards more radical changes.
• More complex models will have packets carrying code that makes on-the-fly routing and congestion control decisions based on information brought to the node by other packets.
• Upcoming congestion is tracked and regulation is done before congestion takes place.

Multicasting
• Current "passive" schemes provide only a partial solution to the problems of NACK implosion, retransmission load and duplication of packets.
• Active Reliable Multicast deals with these problems efficiently by storing soft state and performing customized computation based on packet types.
• Note that not all nodes need to be active for ARM to work, so an ActiveBONE similar to the MBONE will work.

Active Reliable Multicast
• Local retransmission is handled by caching the multicast packets, which reduces both latency and traffic.
• An active router maintains a NACK record and a repair record to perform NACK suppression and scoped retransmission.
• Flexible and robust, as active routers do not need knowledge of the group topology.
• Results show ARM has lower recovery latency than passive schemes.
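The two ARM slides above describe what an active router does with its packet cache, NACK record and repair record. The following is an added illustration of that behaviour at a single router, not code from the ARM project; the packet shapes, the `ARMRouter` class and the cache-eviction policy are assumptions made for the example.

```python
class ARMRouter:
    """One active router in an ARM tree (assumed model; not the ARM project's code)."""

    def __init__(self, downstream, cache_size=8):
        self.downstream = set(downstream)  # downstream links of this router
        self.cache_size = cache_size
        self.cache = {}           # seq -> payload: soft state for local retransmission
        self.nack_record = set()  # seqs already NACKed upstream (drives NACK suppression)
        self.repair_record = {}   # seq -> links that asked for it (drives scoped retransmission)

    def _store(self, seq, payload):
        self.cache[seq] = payload
        while len(self.cache) > self.cache_size:   # soft state: oldest entry expires first
            del self.cache[next(iter(self.cache))]

    def on_data(self, seq, payload):
        """New data from upstream: cache it and forward to every downstream link."""
        self._store(seq, payload)
        return [("data", seq, payload, link) for link in sorted(self.downstream)]

    def on_nack(self, seq, link):
        """NACK from a downstream link; returns the packets this router emits in response."""
        if seq in self.cache:
            # local retransmission from cache, scoped to the one link that asked
            return [("repair", seq, self.cache[seq], link)]
        self.repair_record.setdefault(seq, set()).add(link)
        if seq in self.nack_record:
            return []  # NACK suppression: an identical NACK is already on its way upstream
        self.nack_record.add(seq)
        return [("nack", seq, None, "upstream")]

    def on_repair(self, seq, payload):
        """Repair from upstream: cache it and forward only to the links recorded as needing it."""
        self._store(seq, payload)
        self.nack_record.discard(seq)
        links = self.repair_record.pop(seq, set())
        return [("repair", seq, payload, link) for link in sorted(links)]


def demo():
    """Constructed scenario: three receivers, a two-packet cache, packet 1 lost by A and B."""
    r = ARMRouter(downstream={"A", "B", "C"}, cache_size=2)
    for seq in (1, 2, 3):
        r.on_data(seq, f"p{seq}".encode())   # packet 1 is evicted once packet 3 arrives
    events = []
    events += r.on_nack(3, "A")        # served from cache, sent only to A
    events += r.on_nack(1, "A")        # not cached: exactly one NACK goes upstream
    events += r.on_nack(1, "B")        # suppressed: nothing emitted
    events += r.on_repair(1, b"p1")    # repair reaches A and B only, never C
    return events
```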
Active Network Architectures
• Some architectures carry executable code, which executes on the data of the packet that carries it.
• Others place code in the active nodes; identifiers on the packets are used to decide which code is executed.

Active IP Option
• Active Packets approach.
• Extension to the IP Options mechanism.
• An option to carry program fragments in a variety of languages, and one to query the languages supported.
• Backward compatibility is ensured since unknown options are silently ignored.
• Implementation in Tcl, to take advantage of the Tcl interpreter's restricted execution environment.

ANTS
• Active Nodes approach.
• The network is viewed as a distributed programming system. Packets travel as capsules carrying code.
• Some code is comprised of well-known routines that reside at every active node.
• The rest of the application-specific code is transferred by mobile code distribution techniques.

ANTS
• Provides a flexible network service: default forwarding. New protocols can also be introduced into the network.
– Simultaneous use of a variety of network protocols.
– Construction and use of new protocols by mutual agreement among interested parties, rather than their centralized registration.
– Dynamic deployment of these protocols.

Security
• An active packet could not only consume many resources but consume them at a faster rate.
• Denial of service attacks may occur if there is no resource management.
• SANE, a layered architecture proposed at the University of Pennsylvania, addresses these issues.

Architecture of ANTS
• The requirements for a flexible network layer are met by having:
– Packets replaced by capsules, which dictate the processing to be performed on their behalf.
– Selected routers replaced by active nodes, which provide an API for capsule processing and execute those routines safely.
– A code distribution mechanism to enable active nodes to download code when needed.

SANE Architecture
• A computer system is organized as a series of layers, each of which defines a virtual machine.
• Higher layers trust the integrity of the lower layers.
• Uses AEGIS, a secure bootstrap architecture, to cold-start the system.
• Assumes a PKI infrastructure for node-to-node authentication.
• Uses a special programming language, PLAN, which is statically type checked and pointer safe.

Current Work
• SANE at the University of Pennsylvania.
• Georgia Tech: congestion control.
• Bowman, an OS for active nodes.
• ARM and an active router architecture for multicasting.

Conclusions
• Definitely an exciting step in network design.
• Can potentially solve many of the current problems in passive networks, with a wide application range.
• Will increase the pace of innovation, through rapid deployment and testing of new research.
• However, most of the current implementations have not been deployed on a large-scale network.
• Security requirements are enormous!
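The Security slide notes that capsules can consume resources at a faster rate than ordinary packets and that denial of service follows if the active node does no resource management. The following added illustration (not ANTS or SANE code) shows one mitigation in miniature: a capsule carries a budget that only decreases, every node caps what a single visit may spend, and replicated copies split the parent's remaining budget, so a self-replicating capsule dies out instead of growing. The `Capsule` and `ActiveNode` classes, the op format and the tree topology are assumptions made for the example.

```python
class Capsule:
    """Mobile code plus a resource budget that only ever decreases (assumed design)."""
    def __init__(self, program, budget):
        self.program = program  # ops: ("work", n) burns n units, ("fanout", k) forwards k copies
        self.budget = budget    # resource units this capsule may still spend, network-wide


class ActiveNode:
    PER_VISIT_CAP = 40  # a single capsule may not spend more than this at one node

    def __init__(self):
        self.work_done = 0
        self.dropped = 0

    def execute(self, cap):
        """Run the capsule here; return the copies to forward, or [] if it was dropped."""
        spent, fanout = 0, 1
        for kind, arg in cap.program:
            cost = arg if kind == "work" else 0
            if kind == "fanout":
                fanout = max(1, arg)
            if cost > cap.budget or spent + cost > self.PER_VISIT_CAP:
                self.dropped += 1   # budget or per-visit cap exhausted: discard, forward nothing
                return []
            cap.budget -= cost
            spent += cost
            self.work_done += cost
        if fanout > cap.budget:     # forwarding costs one unit per copy
            self.dropped += 1
            return []
        cap.budget -= fanout
        self.work_done += fanout
        # children split the remaining budget, so replication can never grow total resources
        return [Capsule(cap.program, cap.budget // fanout) for _ in range(fanout)]


def simulate(program, budget, depth):
    """Inject one capsule into `depth` levels of active nodes (constructed topology: one
    node per level does the accounting for every capsule at that level).
    Returns (total work done, capsules dropped, capsules alive after each level)."""
    nodes = [ActiveNode() for _ in range(depth)]
    frontier, alive = [Capsule(program, budget)], []
    for node in nodes:
        frontier = [child for cap in frontier for child in node.execute(cap)]
        alive.append(len(frontier))
    return sum(n.work_done for n in nodes), sum(n.dropped for n in nodes), alive
```

With a budget of 100, a capsule that does 10 units of work and then forwards three copies at every hop is extinct after two levels and never costs the network more than its budget, whereas without the budget the same program would reach 3^5 copies at depth 5.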