Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Adaptive End-to-End QoS Guarantees in IP Networks using an Active Network Approach Roman Pletka IBM Research, Zurich Research Laboratory, Switzerland Burkhard Stiller University of Federal Armed Forces Munich, Germany and Computer Engineering and Networks Laboratory (TIK), ETH Zürich, Switzerland IBM Zurich Research Laboratory Zurich Research Laboratory Agenda • Introduction • The abstract node model • Active networking framework – Overview of security risks. – The hierarchical safety levels • Example Applications – E2E services with RSVP signaling and active packets • Conclusion IBM Zurich Research Laboratory Zurich Research Laboratory Introduction • Why is QoS rarely used today? – ISP’s use massive over-provisioning. – Huge variety in existing QoS architectures (Intserv, Diffserv, ST2+, QoS classes in GPRS). – No end-to-end support for service guarantees in heterogeneous IP networks (Are user’s willing to pay for unpredictable service?). – Increasing variety in QoS-provisioning mechanisms (eg., policers, schedulers, AQM schemes) => Need for QoS translation services. IBM Zurich Research Laboratory Zurich Research Laboratory Building E2E services End-to-end Service Service Description SLA Networking Parameters SLS SLA Networking Parameters SLS Sender SLA SLS Receiver IBM Zurich Research Laboratory Zurich Research Laboratory Node Model for QoS Provisioning in a Proactive Environment Active Security Hierarchy 3 2 1 0 Absolute and Relative QoS Description 5 4 Active Packets Intserv RSVP Diffserv Proactive QoS Plane Application Plane IBM Zurich Research Laboratory Zurich Research Laboratory Networking Plane Functional Description • Discovery process – Leads to initial behavior bounds that specify upper bounds for available resources. – Within the network, not from hosts. • Resource Management – Comprises the task of maintaining information on the actual status of resource availability. – Example: maximum available bandwidth per traffic class, policies, resources related to the neighborhood, and router services. • Feedback Control – Instantaneous traffic characteristics can deviate from QoS reservation. • Translation phase – Translation of QoS parameters using active code provided by either the network administrator or the application itself. – No simple one-to-one mapping => active code. Surjective code translation is obtained by projection onto the new QoS space, whereas injective code translation needs additional information based on default mappings and/or educated guess methods. IBM Zurich Research Laboratory Zurich Research Laboratory Security Risks in Active Networks • Byte-code language – – – • Resource bound – – – – • Divides networking resources into a two-dimensional vector (local and network part) Limitation of bandwidth, CPU, and memory usage in nodes. Enables efficient charging of active packets at the network edge. Presence of code and data in the same packet does not compromise security. Safety levels – – • Byte-code provides architectural neutrality and intrinsic safety properties [SNAP]. Common operations can be represented with a single byte-codes which leads to high code compactness. Specific characteristics of the underlying architecture are hidden. Monitoring control plane activities. Handling of active networking packets is split into 6 security levels. Sandbox environment – – – Safe execution environment: Active Networking Sandbox (ANSB) Information exchange in nodes only feasible using router services. JIT-compiler (SNAP -> Network Processor Picocode). IBM Zurich Research Laboratory Zurich Research Laboratory AN Safety Hierarchy 5 4 3 Dynamic router services: registering new router services Authentication of active packets needed using a public key infrastructure. Complex policy insertion and manipulation Admission control at the edge of the network, trusted within a domain. Simple policy modification and manipulation Running in a sandbox environment, limited by predefined rules and installed router services. Creation of new packets and resource-intensive router services (e.g., lookups) Sandbox environment based on the knowledge of the instruction performance. Simple packet byte-code Safety issues solved by restrictions in the language definition and the use of a sandbox environment. No active code present in packets Corresponds to the traditional packet forwarding process. 2 1 0 Safety Level IBM Zurich Research Laboratory Zurich Research Laboratory The Sandbox Environment in Active Nodes Policy Database Resource Database Control Entity Neighborhood Database Safety Levels Router Service Handler Active Code Handler Services Tables Feedback Control 2+ Forwarding Entity Active Byte-code Interpreter Hardware specific Services 1 Cls Pol TE AQM Networking Hardware IBM Zurich Research Laboratory Zurich Research Laboratory Sched 0 AN and Network Processors • Forwarding, filtering and classification functions. • In pico-code programmable core language processors. • Coprocessor assists for – – – – – table lookups (FM, LPM, SMT) queuing policing string copy checksum generator • Hardware scheduler (WFQ, Priority Scheduler). • Hardware assist for flow control (BAT, WRED). • Embedded Power PC for more complex tasks. => On-the-fly active code execution at line speed is feasible. IBM Zurich Research Laboratory Zurich Research Laboratory Example Applications Intserv/RSVP Domain Diffserv Network with Active Nodes Sender SGSN BSS Receiver GGSN Pure Active Network Domain IBM Zurich Research Laboratory Zurich Research Laboratory Mobile Network using a GPRS Backbone Conclusion • Efficient QoS translation using Active Networks can lead to improved E2E service guarantees. • Security risks are bounded to the level of traditional IP forwarding, control, and management. • The Active Networking framework benefits from the presence of network processors with specialized hardware assists. Lower safety levels have been implemented on an IBM PowerNP 4GS3. • Future work: Dynamic off-loading of forwarding and control functionalities directly onto a network processor. IBM Zurich Research Laboratory Zurich Research Laboratory Questions… IBM Zurich Research Laboratory Zurich Research Laboratory Additional Slides IBM Zurich Research Laboratory Zurich Research Laboratory AN Requirements for Network Processors • Array register initialized with the first part of the packet content (i.e., packet header). • Array registers (scratch memory) that is large enough to hold the memory section of an active packet as well as additional temporary values. • A mechanism to read more data from the packet (access to all data in the packet) and an array register to store this information. • A mechanism to update the packet being forwarded. • Load and store operations to move data between registers. • Standard arithmetic and logical operations on scalar registers. • Support for standard comparison and control flow operations (e.g. (un)conditional branching, subroutine calls). IBM Zurich Research Laboratory Zurich Research Laboratory E2E Service using Active Networks RSVP (controlled load and fixed filter) Domain A Domain B Domain C - full support of RSVP in the domain. - no active routers present (active packets are forwarded as regular IP packets) - metropolitan area - limited RSVP support using active routers. - active packets from outside the domain are not executed in this domain (preemption) - router services installed by administrator - corresponds to a core ISP - No RSVP support. - entering active packets are allowed to execute active code up to safety level 1. - ISP at the edge of the network Sender Receiver IBM Zurich Research Laboratory Zurich Research Laboratory