Download PPT slides

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
Document related concepts

Piggybacking (Internet access) wikipedia , lookup

Airborne Networking wikipedia , lookup

Deep packet inspection wikipedia , lookup

CAN bus wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

IEEE 1355 wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Transcript 
I3 and Active Networks
Supplemental slides
Aditya Akella
03/23/2007
What is i3?
• A highly efficient name-based routing
implemented as an overlay network
IP router
i3 node
Communication Abstraction
• Each packet is associated an identifier id
• To receive a packet with identifier id, receiver
R maintains a trigger (id, R) into the overlay
network
send(R, data)
send(id, data)
Sender
trigger
id
R
Receiver (R)
Service Model
• API
– sendPacket(p);
– insertTrigger(t);
– removeTrigger(t) // optional
• Best-effort service model (like IP)
• Triggers are periodically refreshed by endhosts
• Reliability, congestion control, and flowcontrol implemented at end-hosts
What Does i3 Support?
•
•
•
•
Mobility
Multicast
Anycast
Service composition
Mobility
• Host just needs to update its trigger as it
moves from one subnet to another
send(id,data)
Sender
send(R1, data)
id R1
Receiver
(R1)
Mobility
• Host just needs to update its trigger as moves
from one subnet to another
send(id,data)
send(R2, data)
Sender
id R2
Receiver
(R2)
Multicast
• Unifies multicast and unicast abstractions
– Multicast: receivers insert triggers with the same
identifier
• An application can dynamically switch
between multicast and unicast
send(id,data)
Sender
send(R1, data)
id R1
Receiver (R1)
id R2
send(R2, data) Receiver (R2)
Anycast
• Generalize the matching scheme used to
forward a packet
– Until now we assumed exact matching
• Next, we assume:
– Longest prefix matching (LPM) using a prefix
larger than a predefined constant l to avoid
collisions
• In the current implementation: ID length, m = 256, l =
128
Anycast (cont’d)
• Anycast is simply a byproduct of the new
matching scheme, e.g.,
– Each receiver Ri in the anycast group inserts
IDs with the same prefix p and a different suffix
send(R1,data)
si
Receiver (R1)
send(p|a,data)
Sender
p|s1 R1
p|s2 R2
p|s3 R3
Receiver (R2)
Receiver (R3)
Service Composition
• Use a stack of IDs to encode the successions
of operations to be performed on data
• Advantages
–Don’t need to configure path
–Load balancing and robustness easy to achieve
S_MPEG/JPEG
send((id_MPEG/JPEG,id), data)
Sender
(MPEG)
send(R, data)
send(id, data)
id_MPEG/JPEG S_MPEG/JPEG
id
R
Receiver R
(JPEG)
Security
• Develop a complete solution to protect
against IP level denial of service attacks
• Show that a communication infrastructure
can provide both more functionality and
security than Internet
Design Principles
1) Hide IP address
2) Give end-hosts ability to stop the attack in
the infrastructure
3) Make sure that proposed solution does
not introduce new security vulnerabilities
1) Hide IP Address
• Enable end-hosts to communicate without
revealing their IP address
– Otherwise, hosts are vulnerable to IP level flooding
attacks
• i3 trivially implement this principle as data is
exchanged via IDs not IP addresses
send(id, data)
Sender
send(R, data)
trigger
id R
Receiver (R)
2) Enable End-hosts to Defend
• In general, end-hosts are in best position to
detect when they are under attack
– E.g., flash-crowd vs. DoS, SYN attack
• Once an end-host detects an attack, it should be
able to stop/redirect the offending traffic before it
arrives at its inbound connection
• With i3 end-hosts can
– Stop traffic by removing the trigger under attack
– Route around a region of i3 under attack by moving
triggers around
– Implement access control for multicast
Example: Avoid Collateral
Damage
• Two services shares the same connection to the Internet
• If one service is under attack, the user can save the
other one (not possible in the Internet)
ATM
server
(S1)
Customer (C)
idATM
idWEB
S1
S
Web server
(S2)
Bank Company
Attacker (A)
Why Active Networks?
• Traditional networks route packets looking
only at destination
– Also, maybe source fields (e.g. multicast)
• Problem
– Rate of deployment of new protocols and
applications is too slow
• Solution
– Allow computation in routers to support new
protocol deployment
Active Networks
• Nodes (routers) receive packets:
– Perform computation based on their internal
state and control information carried in packet
– Forward zero or more packets to end points
depending on result of the computation
• Users and apps can control behavior of
the routers
• End result: network services richer than
those by the simple IP service model
Why not IP?
• Applications that do more than IP forwarding
–
–
–
–
–
–
–
–
Firewalls
Web proxies and caches
Transcoding services
Nomadic routers (mobile IP)
Transport gateways (snoop)
Reliable multicast (lightweight multicast, PGM)
Online auctions
Sensor data mixing and fusion
• Active networks makes such applications easy to
develop and deploy
Variations on Active Networks
• Programmable routers
– More flexible than current configuration mechanism
– For use by administrators or privileged users
• Active control
– Forwarding code remains the same
– Useful for management/signaling/measurement of
traffic
• “Active networks”
– Computation occurring at the network (IP) layer of the
protocol stack  capsule based approach
– Programming can be done by any user
– Source of most active debate
Case Study: MIT ANTS System
• Conventional Networks:
– All routers perform same computation
• Active Networks:
– Routers have same runtime system
• Tradeoffs between functionality,
performance and security
System Components
• Capsules
• Active Nodes:
– Execute capsules of protocol and maintain
protocol state
– Provide capsule execution API and safety using
OS/language techniques
• Code Distribution Mechanism
– Ensure capsule processing routines
automatically/dynamically transfer to node as
needed
Capsules
• Each user/flow programs router to handle
its own packets
– Code sent along with packets
– Code sent by reference
• Protocol:
– Capsules that share the same processing
code
• May share state in the network
• Capsule ID is MD5 of code
Capsules
Active
Node
IP
Router
Capsule
IP Header
Version
Active
Node
Capsule
Type
Previous
Address
Type Dependent
Header Files
Data
ANTS-specific header
• Capsules are forwarded past normal IP routers
Capsules
Request for code
Active
Node 1
IP
Router
Capsule
Active
Node 2
Capsule
• When node receives capsule uses “type” to
determine code to run
• If no code at node requests code from “previous
address” node
• Likely to have code since it was recently used
Capsules
Code Sent
Active
Node 1
IP
Router
Active
Node 2
Capsule
Capsule
• Code is transferred from previous node
• Size limited to 16KB
• Code is signed by trusted authority (e.g. IETF)
to guarantee reasonable global resource use
Research Questions
• Execution environments
– What can capsule code access/do?
• Safety, security & resource sharing
– How isolate capsules from other flows,
resources?
• Performance
– Will active code slow the network?
• Applications
– What type of applications/protocols does this
enable?
Functions Provided by Capsule
• Environment Access
– Querying node address, time, routing tables
• Capsule Manipulation
– Access header and payload
• Control Operations
– Create, forward and suppress capsules
– How to control creation of new capsules?
• Storage
– Soft-state cache of app-defined objects
Safety, Resource Mgt, Support
• Safety:
– Provided by mobile code technology (e.g.
Java)
• Resource Management:
– Node OS monitors capsule resource
consumption
• Support:
– If node doesn’t have capsule code, retrieve
from somewhere on path
Performance
• User level Java implementation ok for T1
(1.5Mbps)
Performance
• Based on profile of code  Java specific
overheads and user level send/receive are
bulk of extra overhead
• Safe evaluation and type demultiplexing
only add 30% overhead
– Other more efficient technologies available
• Software fault isolation (SFI)
• Proof carrying code (PCC)
Applications/Protocols
• Limitations
– Expressible  limited by execution
environment
– Compact  less than 16KB
– Fast  aborted if slower than forwarding rate
– Incremental  not all nodes will be active
• Proof by example
– Host mobility, multicast, path MTU, Web
cache routing, etc.
Discussion
• Active nodes present lots of applications
with a desirable architecture
• Key questions
– Is all this necessary at the forwarding level of
the network?
– Is ease of deploying new apps/services and
protocols a reality?
Related documents
Ditrichum subulatum
Ditrichum subulatum
Schistidium confertum
Schistidium confertum
Communication in Business
Communication in Business
International Management
International Management
Oral Communication - An-Najah National University
Oral Communication - An-Najah National University
HR Objectives - Econbus
HR Objectives - Econbus
Post Capsule Endoscopy - Patient Instructions
Post Capsule Endoscopy - Patient Instructions
Post Capsule Endoscopy - Patient Instructions
Post Capsule Endoscopy - Patient Instructions
arcalion sulbutiamine online
arcalion sulbutiamine online
Vobilon Capsules. Capsule contains dry standardized extract of ginkgo biloba leaves... Vobilon is a herbal drug, contains gingko biloba extract, improving...
Vobilon Capsules. Capsule contains dry standardized extract of ginkgo biloba leaves... Vobilon is a herbal drug, contains gingko biloba extract, improving...
Chapter 1 Glossary - Fundamentals of Business Communication 2012
Chapter 1 Glossary - Fundamentals of Business Communication 2012
15-744: Computer Networking
15-744: Computer Networking