Download ppt - Roman Pletka

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
Document related concepts

Deep packet inspection wikipedia , lookup

Net bias wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Quality of service wikipedia , lookup

Transcript 
Adaptive End-to-End QoS Guarantees in IP
Networks using an Active Network Approach
Roman Pletka
IBM Research, Zurich Research Laboratory, Switzerland
Burkhard Stiller
University of Federal Armed Forces Munich, Germany and
Computer Engineering and Networks Laboratory (TIK), ETH Zürich, Switzerland
IBM Zurich Research Laboratory
Zurich Research Laboratory
Agenda
• Introduction
• The abstract node model
• Active networking framework
– Overview of security risks.
– The hierarchical safety levels
• Example Applications
– E2E services with RSVP signaling and active packets
• Conclusion
IBM Zurich Research Laboratory
Zurich Research Laboratory
Introduction
• Why is QoS rarely used today?
– ISP’s use massive over-provisioning.
– Huge variety in existing QoS architectures (Intserv,
Diffserv, ST2+, QoS classes in GPRS).
– No end-to-end support for service guarantees in
heterogeneous IP networks (Are user’s willing to pay
for unpredictable service?).
– Increasing variety in QoS-provisioning mechanisms
(eg., policers, schedulers, AQM schemes)
=> Need for QoS translation services.
IBM Zurich Research Laboratory
Zurich Research Laboratory
Building E2E services
End-to-end Service
Service Description
SLA
Networking Parameters
SLS
SLA
Networking Parameters
SLS
Sender
SLA
SLS
Receiver
IBM Zurich Research Laboratory
Zurich Research Laboratory
Node Model for QoS Provisioning in a
Proactive Environment
Active Security
Hierarchy
3
2
1
0
Absolute and Relative
QoS Description
5
4
Active Packets
Intserv
RSVP
Diffserv
Proactive QoS Plane
Application Plane
IBM Zurich Research Laboratory
Zurich Research Laboratory
Networking Plane
Functional Description
•
Discovery process
– Leads to initial behavior bounds that specify upper bounds for available resources.
– Within the network, not from hosts.
•
Resource Management
– Comprises the task of maintaining information on the actual status of resource
availability.
– Example: maximum available bandwidth per traffic class, policies, resources
related to the neighborhood, and router services.
•
Feedback Control
– Instantaneous traffic characteristics can deviate from QoS reservation.
•
Translation phase
– Translation of QoS parameters using active code provided by either the network
administrator or the application itself.
– No simple one-to-one mapping => active code.
Surjective code translation is obtained by projection onto the new QoS space,
whereas injective code translation needs additional information based on default
mappings and/or educated guess methods.
IBM Zurich Research Laboratory
Zurich Research Laboratory
Security Risks in Active Networks
•
Byte-code language
–
–
–
•
Resource bound
–
–
–
–
•
Divides networking resources into a two-dimensional vector (local and network part)
Limitation of bandwidth, CPU, and memory usage in nodes.
Enables efficient charging of active packets at the network edge.
Presence of code and data in the same packet does not compromise security.
Safety levels
–
–
•
Byte-code provides architectural neutrality and intrinsic safety properties [SNAP].
Common operations can be represented with a single byte-codes which leads to high code
compactness.
Specific characteristics of the underlying architecture are hidden.
Monitoring control plane activities.
Handling of active networking packets is split into 6 security levels.
Sandbox environment
–
–
–
Safe execution environment: Active Networking Sandbox (ANSB)
Information exchange in nodes only feasible using router services.
JIT-compiler (SNAP -> Network Processor Picocode).
IBM Zurich Research Laboratory
Zurich Research Laboratory
AN Safety Hierarchy
5
4
3
Dynamic router services:
registering new router services
Authentication of active packets
needed using a public key infrastructure.
Complex policy insertion
and manipulation
Admission control at the edge of the
network, trusted within a domain.
Simple policy modification
and manipulation
Running in a sandbox environment,
limited by predefined rules and
installed router services.
Creation of new packets and
resource-intensive router
services (e.g., lookups)
Sandbox environment based on the
knowledge of the instruction
performance.
Simple packet byte-code
Safety issues solved by restrictions
in the language definition and the
use of a sandbox environment.
No active code present
in packets
Corresponds to the traditional
packet forwarding process.
2
1
0
Safety
Level
IBM Zurich Research Laboratory
Zurich Research Laboratory
The Sandbox Environment in Active Nodes
Policy
Database
Resource
Database
Control
Entity
Neighborhood
Database
Safety
Levels
Router Service Handler
Active Code
Handler
Services Tables
Feedback
Control
2+
Forwarding
Entity
Active Byte-code
Interpreter
Hardware specific Services
1
Cls
Pol
TE
AQM
Networking Hardware
IBM Zurich Research Laboratory
Zurich Research Laboratory
Sched
0
AN and Network Processors
• Forwarding, filtering and classification functions.
• In pico-code programmable core language processors.
• Coprocessor assists for
–
–
–
–
–
table lookups (FM, LPM, SMT)
queuing
policing
string copy
checksum generator
• Hardware scheduler (WFQ, Priority Scheduler).
• Hardware assist for flow control (BAT, WRED).
• Embedded Power PC for more complex tasks.
=> On-the-fly active code execution at line speed is feasible.
IBM Zurich Research Laboratory
Zurich Research Laboratory
Example Applications
Intserv/RSVP Domain
Diffserv Network
with Active Nodes
Sender
SGSN
BSS
Receiver
GGSN
Pure Active Network Domain
IBM Zurich Research Laboratory
Zurich Research Laboratory
Mobile Network using
a GPRS Backbone
Conclusion
• Efficient QoS translation using Active Networks can lead
to improved E2E service guarantees.
• Security risks are bounded to the level of traditional IP
forwarding, control, and management.
• The Active Networking framework benefits from the
presence of network processors with specialized hardware
assists. Lower safety levels have been implemented on an
IBM PowerNP 4GS3.
• Future work: Dynamic off-loading of forwarding and
control functionalities directly onto a network processor.
IBM Zurich Research Laboratory
Zurich Research Laboratory
Questions…
IBM Zurich Research Laboratory
Zurich Research Laboratory
Additional Slides
IBM Zurich Research Laboratory
Zurich Research Laboratory
AN Requirements for Network Processors
• Array register initialized with the first part of the packet content (i.e.,
packet header).
• Array registers (scratch memory) that is large enough to hold the memory
section of an active packet as well as additional temporary values.
• A mechanism to read more data from the packet (access to all data in the
packet) and an array register to store this information.
• A mechanism to update the packet being forwarded.
• Load and store operations to move data between registers.
• Standard arithmetic and logical operations on scalar registers.
• Support for standard comparison and control flow operations (e.g.
(un)conditional branching, subroutine calls).
IBM Zurich Research Laboratory
Zurich Research Laboratory
E2E Service using Active Networks
RSVP (controlled load and fixed filter)
Domain A
Domain B
Domain C
- full support of RSVP in the
domain.
- no active routers present
(active packets are forwarded as
regular IP packets)
- metropolitan area
- limited RSVP support using
active routers.
- active packets from outside the
domain are not executed in this
domain (preemption)
- router services installed by
administrator
- corresponds to a core ISP
- No RSVP support.
- entering active packets are
allowed to execute active code
up to safety level 1.
- ISP at the edge of the network
Sender
Receiver
IBM Zurich Research Laboratory
Zurich Research Laboratory
Related documents
Designer enzymes Donald Hilvert ETH Zurich, Zurich, Switzerland
Designer enzymes Donald Hilvert ETH Zurich, Zurich, Switzerland
Machinery breakdown/deterioration of stock/fusion
Machinery breakdown/deterioration of stock/fusion
Financial Institution Solutions for Lending Institutions
Financial Institution Solutions for Lending Institutions
Zurich launches first Life Insurance proposition designed specifically
Zurich launches first Life Insurance proposition designed specifically
Zurich`s emerging markets unit provides political risk insurance for
Zurich`s emerging markets unit provides political risk insurance for
Photonic Biosensors and Optofluidic Systems for
Photonic Biosensors and Optofluidic Systems for
Slide 1
Slide 1
A Place Of History - Zurichdevelopmentcenter.com
A Place Of History - Zurichdevelopmentcenter.com
Outsourcers as top three cause of supply chain disruption
Outsourcers as top three cause of supply chain disruption
Short biography for downloading
Short biography for downloading
ppt
ppt
슬라이드 제목 없음
슬라이드 제목 없음
Impact of Computers on Society
Impact of Computers on Society