Introduction to Active Networks


Introduction to
Active Networks
Stephen F. Bush
[email protected]
www.research.ge.com/~bushsf/an
GE Global Research Center
Acknowledgements
The volume of research in the Active Networking field is too
large to include references to all the excellent work in this area.
We would like to extend our thanks and appreciation to all
those whose work is cited in this presentation as well as those
whose work we were not able to cite for lack of time and
space.*
*GE related research in this presentation has been funded by the Defense Advanced Research Projects
Agency (DARPA) contract F30602-01-C-0182 and managed by the Air Force Research Laboratory (AFRL)
Information Directorate. Our thanks go to Doug Maughan, the Active Networks Program Manager and
Scott Shyne, Air Force Rome Labs, for their generous support throughout our research.
Introduction
Copyright 2002 Stephen F. Bush
2
Outline
1) Active Network Framework
2) Active Network Execution Environments and Testbeds
3) Active Network Security Architecture
4) Data Versus Code Tradeoff: Kolmogorov Complexity
Three Points to Remember
• Active Networks Are Cool
• Active Networks Can Be At Least As Secure As Legacy Networks ;)
• Data and Algorithm Are Mutable and Fluid Within Active Networks
Motivation for Active Networking
• Faster Hardware Not Fully Utilized
• Enables More Flexible Network
• De-couples Protocol From Transport
• Minimizes Requirements for Global Agreement
• Enables On-the-fly Experimentation
• Enables Faster Deployment of New Services
• http://www.darpa.mil/ato/programs/activenetworks/actnet.htm
• Email List: [email protected]
Active Networking: A Natural Evolution
[Figure: a traditional packet network carries packets of Header | Data; an active network carries packets of Header | Code | Data. Custom code injected by applications/devices makes the network intelligent, devices become network-aware and smart, and adaptive monitoring and predictive control follow. Reduces protocol deployment time from years to months.]
Change Is Inevitable
Internet Protocol                                   Active and Programmable Networks
• Fossilized: Resistant to Change                   • Built for Change
• Layers of Complexity O(4000) RFCs                 • Reduced Complexity
• Inability to Customize Quickly or Efficiently     • Rapid, Efficient Customization
• Lack of Security Paradigm                         • Security Paradigm Built-in
• Downward Side of the Innovation Curve             • Upward Innovation Path
Integrated Versus Discrete Approaches
• Discrete Approach
  – Programs (P) Injected Into Active Nodes Separately From Passive Data (D)
• Integrated Approach
  – Programs Integrated Into Every Packet Along With Passive Data
[Figure: in the discrete approach, separate P and D packets arrive at the active network node; in the integrated approach, every packet carries D and P together.]
Many Recent Examples
• Active Distributed Simulation
  – SANDS: Specialized Active Networking for Distributed Simulation, S. Zabele, M. Dorsch, Z. Ge, P. Ji, M. Keaton, J. Kurose, J. Shapiro, and D. Towsley, Proceedings of the 2002 DARPA Active Networks Conference and Exposition (DANCE 2002). IEEE Computer Society Press. pp. 534-553, ISBN 0-7695-1564-9. May 29-30, 2002. San Francisco, California, USA
• Active Network Monitoring and Control
  – Active Network Monitoring and Control: The SENCOMM Architecture and Implementation, A. Jackson, J. Sterbenz, M. Condell, and R. Hain, Proceedings of the 2002 DARPA Active Networks Conference and Exposition (DANCE 2002). IEEE Computer Society Press. pp. 534-553, ISBN 0-7695-1564-9. May 29-30, 2002. San Francisco, California, USA
• Self-Organizing Video Transcoding
  – Resource Adaptive Netcentric Systems on Active Networks: A Self-Organizing Video Stream that Auto Morphs Itself While in Transit… J. Khan, S. Yang, D. Patel, O. Komogortsev, W. Oh, Z. Guo, Q. Gu, and P. Mail, Proceedings of the 2002 DARPA Active Networks Conference and Exposition (DANCE 2002). IEEE Computer Society Press. pp. 534-553, ISBN 0-7695-1564-9. May 29-30, 2002. San Francisco, California, USA
“Active” Conferences
• IWAN (http://www.iwan2003.org/)
• IEEE OpenArch (http://www.openarch.org/)
• AMS Active Middleware Services (http://www.caip.rutgers.edu/ams2003/)
• Etc…
Section 1
Active Network Framework

Legacy Co-Existence
[Figure: Host, Active Router, Legacy Router, Active Router, Host in a chain. The two active routers run ip_active; the paths through the legacy router and to the hosts are labelled cut-through.]
Active Network Framework
• Active Application (AA): the active network application
• Execution Environment (EE): analogous to a Unix shell in which to execute a packet
• Node Operating System (NodeOS): operating system support for Execution Environments
• Hardware
[Figure: layered stack, top to bottom: several AAs running in EE 1 and EE 2, above the NodeOS, above the hardware.]
Active Network Framework
• Primary Focus Is Communication and Not Computation
• Packet Is Unit of Multiplexing
• No Assumptions About Underlying Forwarding Technologies
Active Network Framework
[Figure: the NodeOS hosts EE 1, EE 2, ... and a Management EE; NodeOS components shown are IPv6, the Security Enforcement Engine, Channels, the Store and the Policy db.]
Active Network Working Group Version 1.0, Ken Calvert ed. Active Network Framework. http://www.cc.gatech.edu/projects/canes/arch/arch-0-9.ps, August 31 1998. Version 0.9. citeseer.nj.nec.com/group98architectural.html.
Management Execution Environment
• Maintains Security Policy Database
• Loads/Configures New EEs
• Supports Instantiation of Network Management Services
• Defines Management Operations
• See Anetd and the ABone
Framework Considerations (I)
• End Systems (ES) and Intermediate Systems (IS)
  – No Architectural Differences Between ESs and ISs
• Execution Environment (EE) and Active Application (AA)
  – AA Implements an End-to-end Service Executed Within an EE
  – AA Can Be Loaded Either In-band or Out-of-band
Framework Considerations (II)
• AA Should Be Composable
  – Mobility and Multicast AAs Should Work Together to Implement Mobile Multicast
• EE and AA Deployment
  – EE API Must Be Available for AA Access
  – ANEP Packet Types Accepted by EE Must Be Available
Framework Considerations (III)
• Node Operating System (NodeOS)
  – Primary Role Is Mediator of Node Resources to the EEs
• Security
  – All Requests to the NodeOS Are Verified Based Upon Credentials Sufficient to Verify Authorized Access
  – EEs Must Trust NodeOS and Can Add Stricter Policies
  – NodeOS May Trust Some EEs More Than Others
Framework Considerations (IV)
• Bounding Resource Usage
  – Transmission: relatively easy – we know how to do this (bit rate)
  – Computation: hard – NIST computational models*
  – Storage: relatively easy – (bytes)
* V. Galtier, K. Mills, and Y. Carlinet, National Institute of Standards and Technology; S. Bush and A. Kulkarni, General Electric Corporate R&D. Predicting Resource Demand in Heterogeneous Active Networks. MILCOM 2001, McLean, VA, October 28-31.
Framework Considerations (V)
• Division of Labor Example: NodeOS Implements Routing for EEs Rather Than Each EE Implementing Its Own Routing
  – Loss of Flexibility If Each EE Wants to Use a Different Routing Algorithm
Active Network Framework
[Figure: packet path through the node. Input channel: packet classification (classify) and processing; packets are demultiplexed by protocol stack (IP|UDP|ANEP, IP|ANEP, IP|UDP, plain IP) to EE 1, EE 2 or EE 3 (EE processing), or to the IPv4 cut-through. Output channel: scheduling (sched) and processing, then transmission as ANEP|UDP|IP, UDP|IP or IP.]
Active Network Working Group Version 1.0, Ken Calvert ed. Active Network Framework. http://www.cc.gatech.edu/projects/canes/arch/arch-0-9.ps, August 31 1998. Version 0.9. citeseer.nj.nec.com/group98architectural.html.
Hardware Reference Model
[Figure: two variants. Passive: input ports, Switch Fabric, output ports. Active: input ports, Switch Fabric, EE EE EE, output ports.]
Active Network Working Group Version 1.0, Ken Calvert ed. Active Network Framework. http://www.cc.gatech.edu/projects/canes/arch/arch-0-9.ps, August 31 1998. Version 0.9. citeseer.nj.nec.com/group98architectural.html.
Active Hardware Performance
• Fred Kuhns, John DeHart, Anshul Kantawala, Ralph Keller, John Lockwood, Prahanth Pappu, David Richard, David Taylor, Jyoti Parwatikar, Ed Spitznagel, Jon Turner, and Ken Wong, Design and Evaluation of a High-Performance Dynamically Extensible Router. Proceedings of the 2002 DARPA Active Networks Conference and Exposition (DANCE 2002). IEEE Computer Society Press. pp. 534-553, ISBN 0-7695-1564-9. May 29-30, 2002. San Francisco, California, USA.
• Active QoS Video Streams at Several Megabits Per Second
  – Tal Lavian, Phil Wang, Franco Travostino, Siva Subramanian and Ramesh Duraraj, Enabling Active Flow Manipulation in Silicon-based Network Forwarding Engines, ibid.
• Hrishikesh Dandekar, Andrew Purtell, and Stephen Schwab. AMP: Experiences with Building an Exokernel-based Platform for Active Networking. ibid.
SmallState and GlobalState
• Active Packets Leave Information on Node for Use by Other Active Packets and Other Active Applications
  – SmallState Access Policy
  – SmallState Time to Live
  – SmallState CPU and Memory Usage
• Only Method of Inter-Active Application Communication
  – Potential Bottleneck
Node Operating System (NodeOS)
• Resource Abstractions
  – Thread pools
  – Memory pools
  – Channels
  – Files
  – Flows (or Domains)
Active Network Working Group, Larry Peterson ed. NodeOS Interface Specification. January 24, 2000, citeseer.nj.nec.com/532678.html.
Node Operating System
[Figure: a chain of NodeOS instances. EEs are anchored on a NodeOS; packets arrive on a port as ANEP|UDP|IP|ATM (or ETH|IP|ATM) and either reach an EE or take the cut-through path across the NodeOS.]
Active Network Working Group, Larry Peterson ed. NodeOS Interface Specification. January 24, 2000, citeseer.nj.nec.com/532678.html.
Active Domains (Flows): Resource Control
[Figure: the NodeOS hosts EE 1 in Domain 1 and EE 2 in Domain 2; each domain owns Threads, Memory, an InChan and an OutChan.]
Each Domain Is Allocated Resources According to Policy in Effect at Flow Creation Time.
Patrick Tullman, Mike Hibler, and Jay Lepreau. Janos: A Java-oriented OS for Active Network Nodes, 2002.
Active Network Working Group, Larry Peterson ed. NodeOS Interface Specification. January 24, 2000, citeseer.nj.nec.com/532678.html.
Composable Services
• Sequence Control: Ordering of Component Execution
• Shared Data Control: Sharing Data Among Components
• Invocation Methods: Event Causing a Service to Be Executed
• Binding Time: Instantiation/selection of a Service From Options
• Division of Functionality: Packet Versus Node Content (What Goes Where?)
Section 2
Active Network Framework and Testbeds

Purpose of ANEP
• Uniquely and Quickly Determine the Environment in Which the Packet Is Intended to Be Evaluated
• Allow Minimal, Default Processing of Packets for Which the Intended Evaluation Environment Is Unavailable
• Information That Does Not Fit Conceptually or Pragmatically in the Encapsulated Program Can Be Placed in the Header
Active Network Group. Active Network Encapsulation Protocol. July 1997, http://www.cis.upenn.edu/~switchware/ANEP/docs/ANEP.txt.
ANEP Packet Structure
• Active Network Encapsulation Protocol (ANEP)
  – Allows Encapsulation of Active Packets in Any Transport Media

 0       7 8      15 16                        31
+---------+---------+---------------------------+
| Version |  Flags  |          Type ID          |
+---------+---------+---------------------------+
| ANEP Header Length|    ANEP Packet Length     |
+-------------------+---------------------------+
|                    Options                    |
+-----------------------------------------------+
|                    Payload                    |
+-----------------------------------------------+
ANEP Flag Option
• Bit 0
  – Indicates That This Option Is Valid Only Within the Type ID, i.e. Do Not Parse the Option at This Level
• Bit 1
  – Indicates Whether to Discard Packet If Option Cannot Be Parsed

 0  1 2                 15 16                      31
+----+-------------------+-------------------------+
|Flag|       Type        |         Length          |
+----+-------------------+-------------------------+
|                  Options Payload                 |
+--------------------------------------------------+
ANEP Option Types
Option                                  Type
• Source Identifier                     1
  – IPv4 Address (32 Bits)              1
  – IPv6 Address (128 Bits)             2
  – 802.3 Address (48 Bits)             3
• Destination Identifier                2
  – Same Addressing Schemes As Above
ANEP Option Types
Option                                  Type
• Integrity Checksum                    3
  – Option Payload Contains 1’s Complement of the 1’s Complement Sum of the Entire ANEP Packet, Starting With the ANEP Version Field
• Non-negotiated Authentication         4
  – SPKI Self-signed Certificate        1
  – X.509 Self-signed Certificate       2
ANEP Payload
• Any Data or Code to Be Executed by an EE
  – ANTS Code
  – Magician Code
  – ASP Code
  – SmartPacket Code
  – PLAN Code
[Figure: the ANEP packet layout from the ANEP Packet Structure slide (Version, Flags, Type ID; ANEP Header Length, ANEP Packet Length; Options; Payload) with the Payload field highlighted.]
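A builder and parser for the ANEP header and option TLVs described on the preceding slides, added here as an example (it is not code from the slides or from any ANEP implementation). It implements the integrity checksum option (type 3) exactly as stated above and honours both option flag bits when it decides whether a packet continues or is dropped. Assumed beyond the slides: the ANEP header length counts 32-bit words and the packet length counts octets, an option's length field counts 32-bit words including its own 4-byte header, the source/destination option payload begins with a 32-bit address-scheme identifier, the version value is 1, and the 16-bit checksum occupies the first two bytes of its 4-byte option payload.

```python
import struct

# Option type codes from the slides
OPT_SOURCE, OPT_DESTINATION, OPT_INTEGRITY_CHECKSUM, OPT_NONNEG_AUTH = 1, 2, 3, 4
KNOWN_OPTIONS = {OPT_SOURCE, OPT_DESTINATION, OPT_INTEGRITY_CHECKSUM, OPT_NONNEG_AUTH}
# The two flag bits at the top of an option's first 16-bit word
FLAG_TYPEID_SCOPED = 0x8000        # bit 0: valid only within the Type ID; do not parse here
FLAG_DISCARD_IF_UNPARSED = 0x4000  # bit 1: discard the packet if the option cannot be parsed
ANEP_VERSION = 1                   # assumption: version value used by this example


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum of data (a trailing odd byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def encode_option(flags: int, opt_type: int, payload: bytes) -> bytes:
    """flags(2 bits)|type(14 bits), length in 32-bit words incl. this header, padded payload."""
    payload += b"\x00" * (-len(payload) % 4)
    first = (flags & 0xC000) | (opt_type & 0x3FFF)
    return struct.pack("!HH", first, 1 + len(payload) // 4) + payload


def build_packet(type_id: int, options: list, payload: bytes) -> bytes:
    """Assemble an ANEP packet and append a valid integrity checksum option (type 3)."""
    opts = b"".join(encode_option(f, t, p) for f, t, p in options)
    opts += encode_option(FLAG_DISCARD_IF_UNPARSED, OPT_INTEGRITY_CHECKSUM, b"\x00" * 4)
    header_words = 2 + len(opts) // 4
    fixed = struct.pack("!BBHHH", ANEP_VERSION, 0, type_id,
                        header_words, header_words * 4 + len(payload))
    pkt = bytearray(fixed + opts + payload)
    # Checksum = one's complement of the one's complement sum of the whole packet,
    # from the Version field onward, computed with the checksum field itself zeroed.
    csum = 0xFFFF ^ ones_complement_sum(bytes(pkt))
    csum_at = len(fixed) + len(opts) - 4          # first two bytes of the checksum payload
    pkt[csum_at:csum_at + 2] = struct.pack("!H", csum)
    return bytes(pkt)


def parse_packet(pkt: bytes) -> dict:
    """Parse header and options; reject packets that fail the checks the slides describe."""
    if len(pkt) < 8:
        raise ValueError("truncated ANEP header")
    version, flags, type_id, header_words, packet_len = struct.unpack("!BBHHH", pkt[:8])
    header_end = header_words * 4
    if version != ANEP_VERSION or packet_len != len(pkt) or not 8 <= header_end <= packet_len:
        raise ValueError("bad version or length fields")
    options, off, has_checksum = [], 8, False
    while off < header_end:
        if off + 4 > header_end:
            raise ValueError("option header overruns ANEP header")
        first, length_words = struct.unpack("!HH", pkt[off:off + 4])
        if length_words < 1 or off + length_words * 4 > header_end:
            raise ValueError("option length overruns ANEP header")
        opt_flags, opt_type = first & 0xC000, first & 0x3FFF
        body = pkt[off + 4:off + length_words * 4]
        if opt_flags & FLAG_TYPEID_SCOPED:
            options.append(("ee", opt_type, body))      # left for the EE named by Type ID
        elif opt_type in KNOWN_OPTIONS:
            has_checksum |= opt_type == OPT_INTEGRITY_CHECKSUM
            options.append(("node", opt_type, body))
        elif opt_flags & FLAG_DISCARD_IF_UNPARSED:
            raise ValueError(f"unknown option type {opt_type} with discard flag set")
        # an unknown option without the discard flag is skipped
        off += length_words * 4
    # The receiver sums the whole packet including the checksum; the result must be all ones.
    if has_checksum and ones_complement_sum(pkt) != 0xFFFF:
        raise ValueError("integrity checksum mismatch; packet dropped")
    return {"version": version, "flags": flags, "type_id": type_id,
            "options": options, "payload": pkt[header_end:]}


def demo() -> dict:
    """Constructed sample: IPv4 source and destination options (scheme 1) and a short payload."""
    src = struct.pack("!I", 1) + bytes([10, 0, 0, 1])   # scheme 1 = IPv4, then the address
    dst = struct.pack("!I", 1) + bytes([10, 0, 0, 2])
    pkt = build_packet(0x1234, [(0, OPT_SOURCE, src), (0, OPT_DESTINATION, dst)], b"capsule code")
    parsed = parse_packet(pkt)
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01                                # flip one payload bit in transit
    try:
        parse_packet(bytes(tampered))
        dropped = False
    except ValueError:
        dropped = True
    return {"packet": pkt, "parsed": parsed, "tampered_dropped": dropped}


if __name__ == "__main__":
    result = demo()
    print(result["parsed"]["options"], result["tampered_dropped"])
```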
Active Network Backbone (ABone)
• ACTIVATE (SRI)
  – Collaborative Project to Design, Build, and Manage a Large-scale Testbed to Meet the Unique Requirements of Active Network (AN) Research and Development
  – http://ftp.isi.edu/abone/
  – [email protected] Mailing List Using [email protected].
ANTS Execution Environment
• Capsules Identify Their Type As They Travel
• If Required Code Is Not at a Node, a Load Request Is Sent to the Previous Node
• Previous Node Sends Entire Code Required by Capsule
• Requesting Node Incorporates the Code Into Its Cache and Can Respond As Previous Node Did If Necessary
David J. Wetherall, John V. Guttag and David L. Tennenhouse. ANTS: A Toolkit for Building and Dynamically Deploying Network Protocols. In IEEE OPENARCH, April 1998. http://citeseer.nj.nec.com/wetherall98ants.html
Magician Execution Environment
• Java-based, Runs at the User Level
  – Easy to Install on Any Java VM in Order to Build a Prototype Active Network
• Magician Active Packets Are Java Objects and Can Contain Java Objects…
  – Not Limited to Primitive Data Types
  – Serialized Objects Sent One Time Only
  – Remaining Packets Use Pointer to Stored Object
SmartPacket Structure
[Figure: ANEP packet layout. Fixed header: Version, Flags, Type ID; ANEP Header Length, ANEP Packet Length. Options: ANEP Source Option TLV, ANEP Destination Option TLV, ANEP Authentication Option TLV*. Payload: SmartPacket Java Serialized Object.]
* The authentication option payload is an MD5 message digest of the structure of the SmartPacket.
Section 3
Active Network Security Framework

Security Is Not a Solved Problem
• Network Security in General Is Not a Solved Problem
• Active Networking Has a Well-defined Framework in Which Security Can Be Managed
• This Section Discusses That Framework
Security Framework Document
• Security Architecture for Active Networks, AN Security Working Group, DRAFT Status, Sandy Murphy, NAI Labs
Security Architecture for Active Networks (latest version is May 2001). Discussion on ActiveNets_Security mailing list. Sandy Murphy is the editor.
Abstractions
• Policy
  – Subjects
  – Objects
  – Actions
• Attacks*
  – Unauthorized Disclosure
  – Deception
  – Disruption
  – Usurpation
• Assets
  – Node
  – EE
  – Sender
  – Active code
*RFC2828
Threat Table
Can See Threat From:
This Column:   Packet   Code   EE    Node
Sender                  Yes    Yes   Yes
Code           Yes      Yes    Yes   Yes
EE             Yes      Yes    Yes   Yes
Node           Yes      Yes    Yes

Can Be Protected From:
This Column:   Packet   Code   EE            Node
Sender         N/A      Yes    Not Really    Not Really
Code           Yes      Yes    Not Really    Not Really
EE             Yes      Yes    Yes           Not Really
Node           Yes      Yes    Yes and No    N/A
Security in the Life of an Active Packet
• Hop-hop Key Identifier -- if integrity check fails, packet dropped
• Domain Filter -- packet assigned to domain
• Credentials Extracted -- and verified
• Authentication -- NodeOS checks EE & Domain if such pkts. allowed
• Code Extraction -- from packet
• Credentials Bound to Code -- only authorized operations allowed to continue
• Execution -- code executes
• Access to Resources -- controlled by credentials
• Packets Are Encrypted -- for transmission by NodeOS
• Hop-hop Integrity Applied to Transmitted Packets -- cycle repeats at next node
Integration with NAI Labs
• Integrate GE Complexity Measures and Active Network Fault Response (ANFR) Revocation
• The GE Complexity Measures Spot Misbehavior, Instigating a Revocation
  – GE Code Notices Code Complexity Is Outside Tolerance
  – Sends Revocation Notice of That Active Code
  – Needed to Align GE and ANFR Ways of Identifying Code
• Makes Network Self-healing
Integration of GE Complexity: Self-Healing Network
[Figure: the GE probe (Magician Probe) measures the traffic complexity of ANEP traffic (active packets, ANEP-EE traffic) carrying active code... and the ANFR Revocation Tool sends revocation notices.]
Active Network Security
• S. Murphy, E. Lewis, and R. Watson. Secure Active Network Prototypes. Proceedings of the 2002 DARPA Active Networks Conference and Exposition (DANCE 2002). IEEE Computer Society Press. pp. 534-553, ISBN 0-7695-1564-9. May 29-30, 2002. San Francisco, California, USA.
  – Secure version of MIT ANTS EE
• W. La Cholter, P. Narasimhan, D. Sterne, R. Balupari, K. Djahandari, A. Mani and S. Murphy. IBAN: Intrusion Blocker Based on Active Networks, ibid.
  – Adaptive Intrusion Detection and Response w/ANTS EE
• D. Sterne, K. Djahandari, R. Balupari, W. La Cholter, B. Babson, B. Wilson, P. Narasimhan, and A. Purtell. Developing Dynamic Security Policies. ibid.
• S. Krishnaswamy, J. Evans, and G. Minden. A Prototype Framework for Providing Hop-by-hop Security in an Experimentally Deployed Active Network, ibid.
Section 4
Data Versus Code Tradeoff: Kolmogorov Complexity

Relating Computation and Communication
• Pre-active (Node-only Processing)
  – Existed Before Active Networking
  – Fixed Processing Capability
  – Attempted to Squeeze All Processing Out of the Middle and Towards the Ends of the Protocol
  – Attempted to Focus on Movement of Bits
• Active Network Era (Packet-Dominated Processing)
  – Fluid Processing Capability
  – Processing Placed When/where It Makes Sense
  – Developers Must Have a Keen Sense of the Trade-offs in Processing Versus Communication
Computation vs. Communication Tradeoff
• How Much Code Should Be in an Active Application (i.e. in the network)?
• How Should Code Be Partitioned Into Packets?
• Answers to These Questions Can Be Derived Through Complexity Theory
Challenges in Active Networking
• When Does Active Networking Offer a Benefit?
• Playing With This Dial Is Extremely Challenging and Expensive Inside a Network!!
• Solutions May Come From Biological Research:
  – “Evolve” New Code Inside the Network
  – Use Complexity/homology in the Network to Reduce Likelihood of Attack
[Figure: an active packet labelled with D|H and E.]
Early Active Networking Results: Packet Size Versus Processing
• Per Packet Resource Consumption Must Be Predicted and Guaranteed Quickly and Efficiently
• No Backward Code Pointer
  – Forced Relationship Between Packet Size and Resources Used
  – Simple Solution, But Too Constraining
Moore, Jonathan T., Hicks, Michael, and Nettles, Scott. Practical Programmable Packets. Proceedings of the 20th Joint Conference IEEE Computer and Communications Societies, Apr 2001.
What Is Kolmogorov Complexity?
• A Measure of Descriptive Complexity
• K Among Different Universal Computers Differs by a Constant
• Bounded by the Length of the String
• Related to Entropy
• A Fundamental Measure of Information Content

K(x) = \min_{\varphi(p) = x} l(p)

where l(p) is the length of program p and \varphi(p) is its output on the reference universal computer: K(x) is the length of the shortest program that produces x.
Program Complexity Versus Processing
• Kolmogorov Complexity
  – Data Versus Code
• All Bars (Graph at Right) Represent the Same Information
[Figure: bar graph of data versus code; not recoverable from the text.]
Li, Ming and Vitányi, Paul. An Introduction to Kolmogorov Complexity and Its Applications, ISBN 0-387-94868-6, Springer, NY 1997.
Legacy Versus Active Networking
• Legacy (Non-Active) Networking: Applications and Network Oblivious of One Another
• Active Networking
  – Tighter Integration of Full System
  – Applications Decoupled From the Legacy Infrastructure
[Figure: in the legacy case, Applications sit above the Network as separate boxes; in the active case, Applications and Network are drawn as one integrated system.]
Performance Is No Longer Measured by How Fast Meaningless Bits Are Pumped Across at the Network Level.
Model Versus Data Tradeoff
Suppose we want to estimate the complexity of a string of alternating 1’s and 0’s.
Hypothesis: {128 bit strings}
  000000000000..000
  000000000000..001
  000000000000..010
  000000000000..011
  …
  1111111111111..10
  1111111111111..11
Number of candidate strings: 2^128 ≈ 3.4 × 10^38
Small model, lots of data – most irrelevant in identifying target pattern – poor complexity estimate.
[Figure: an active packet labelled with D|H and E.]
Model Versus Data
Suppose we want to estimate the complexity of a string of alternating 1’s and 0’s.
Hypothesis: {128 bit strings with 64 1s}
  1111…0000
  1100..1100
  1001..1001
  …
  1010..1010
Number of candidate strings: 2^124.171
Slightly larger model, less data – better complexity estimate.
[Figure: an active packet labelled with D|H and E.]
Minimum Description Length
Hypothesis: {128 bit strings alternating 1 and 0}
  101010…
  010101…
Number of candidate strings: 2
Slightly larger model, small amount of data – good complexity estimate.
[Figure: K(x) plotted against Model Size (Sophistication) and Data Size; an active packet labelled with D|H and E.]
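The three estimates above, carried through as an added example (not code from the slides): the data term log2|H| for each hypothesis reproduces the slide figures (128 bits, 124.171 bits, 1 bit), and the two-part total K(H) + K(D|H) is what the Min{K(H)+K(E|H)} rule in the Appendix B hypothesis-validation steps minimises. The model term here is a constructed stand-in (the bits needed to write a hypothesis' parameter, such as the weight k, once the family is fixed), and the small-n enumeration checks the closed-form set sizes.

```python
from itertools import product
from math import comb, log2


def target(n: int) -> str:
    """The string whose complexity the slides estimate: n bits alternating 1 and 0."""
    return ("10" * n)[:n]


# Each hypothesis H is a set of n-bit strings: a membership predicate, the size of the set
# (which fixes the data term: log2|H| bits to pick x out of H), and a crude stand-in for K(H),
# the bits needed to write H's parameter once the family of hypotheses is fixed (constructed).
def h_any(s: str) -> bool:
    return True


def h_half_ones(s: str) -> bool:
    return s.count("1") == len(s) // 2


def h_alternating(s: str) -> bool:
    return all(a != b for a, b in zip(s, s[1:]))


HYPOTHESES = {
    "any n-bit string":            (h_any,         lambda n: 2 ** n,          lambda n: 0),
    "n-bit strings with n/2 ones": (h_half_ones,   lambda n: comb(n, n // 2), lambda n: n.bit_length()),
    "n-bit strings alternating":   (h_alternating, lambda n: 2,               lambda n: 0),
}


def data_bits(name: str, n: int) -> float:
    """log2 of the number of strings H admits: the data part of the two-part description."""
    return log2(HYPOTHESES[name][1](n))


def model_bits(name: str, n: int) -> int:
    """Stand-in for K(H): bits to write the hypothesis' parameter (the weight k needs log2 n)."""
    return HYPOTHESES[name][2](n)


def two_part_bits(name: str, n: int, x: str) -> float:
    """K(H) + K(x|H) under the stand-ins above; a hypothesis that excludes x explains nothing."""
    pred = HYPOTHESES[name][0]
    if len(x) != n or not pred(x):
        return float("inf")
    return model_bits(name, n) + data_bits(name, n)


def best_hypothesis(n: int, x: str) -> str:
    """MDL choice: the hypothesis minimising the total description length of x."""
    return min(HYPOTHESES, key=lambda name: two_part_bits(name, n, x))


def class_size_by_enumeration(name: str, n: int) -> int:
    """Brute-force check of the closed-form set sizes, feasible for small n."""
    pred = HYPOTHESES[name][0]
    return sum(1 for bits in product("01", repeat=n) if pred("".join(bits)))


def report(n: int = 128) -> dict:
    """Model bits, data bits and their sum for the slides' target string of length n."""
    x = target(n)
    return {name: (model_bits(name, n), round(data_bits(name, n), 3),
                   round(two_part_bits(name, n, x), 3)) for name in HYPOTHESES}


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:32s} model={row[0]:3d} data={row[1]:8.3f} total={row[2]:8.3f}")
```

Charging the model term shows why the middle hypothesis is only a better estimate of the data: for 64 ones out of 128, writing the weight costs more bits than the 128 minus 124.171 it saves, while the alternating hypothesis wins outright.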
Thoughts on the Future of Active Networks…
• Change Is Inevitable -- Active Networking Is Still in Its Infancy
  – Excellent Experimental Platform for Developing Protocols
  – Active Concepts Rising in Demand by Developers and Customers
  – Internet Becoming Too Complex to Hard-wire All User Customizations Into the Network
  – When Physical Limit on Bit Transfer Rate Reached, a Re-thinking of Computation Versus Communication (i.e. Active Networking) Will Occur (a la ad-hoc networking now)
THE END
(Bibliography and Appendices Follow…)
Additional Information
• Proceedings of the 2002 DARPA Active Networks Conference and Exposition (DANCE 2002). IEEE Computer Society Press. pp. 534-553, ISBN 0-7695-1564-9. May 29-30, 2002. San Francisco, California, USA
• www.research.ge.com/~bushsf/ftn
Bibliography I
Bush, Stephen F., Kulkarni, Amit B., Active Networks and Active Network Management: A Proactive Management Framework. Kluwer Academic/Plenum Publishers, New York, Boston, Dordrecht, London, Moscow, 2001, 196 pp. Hardbound, ISBN 0-306-46560-4.
Ken Calvert ed., Active Network Framework, Active Network Working Group Version 1.0, July 27, 1999, http://www.cc.gatech.edu/projects/canes/papers/arch-1-0.ps.gz.
Alexander et al., Active Network Encapsulation Protocol, July 1997, http://www.cis.upenn.edu/switchware/ANEP.
Peterson, Larry ed., NodeOS Interface Specification. Active Network Working Group, January 24, 2000, http://www.cs.princeton.edu/nsg/papers/nodeos.ps.
Zegura, Ellen ed., Composable Services for Active Networks. AN Composable Services Working Group, September 1998, http://www.cc.gatech.edu/projects/canes/papers/cs-draft0-3.ps.gz.
M. Hicks, P. Kakkar, T. Moore, C. Gunter, and S. Nettles, PLAN: A Programming Language for Active Networks. International Conference on Functional Programming (ICFP’98), 1998.

Bibliography II
S. da Silva, D. Florissi and Y. Yemini, Composing Active Services in NetScript. DARPA Active Networks Workshop, Tucson AZ, March 1998.
S. Bhattacharjee, K. Calvert, and E. Zegura. Reasoning about Active Network Protocols. In IEEE ICNP’98, Austin, TX, October 1998.
Livio Ricciulli, Anetd: Active NETworks Daemon. September 2, 1998.
David J. Wetherall, John V. Guttag and David L. Tennenhouse. ANTS: A Toolkit for Building and Dynamically Deploying Network Protocols. Submitted to IEEE OPENARCH 1998, April 1998.
A. B. Kulkarni, G. J. Minden, R. Hill, Y. Wijata, S. Sheth, H. Pindi, F. Wahhab, A. Gopinath and A. Nagarajan. Implementation of a Prototype Active Network. IEEE OPENARCH 1998, April 1998.

Bibliography III
Stephen F. Bush. Active Virtual Network Management Prediction. Proceedings of the Conference on Parallel and Discrete Event Simulation (PADS) 1999, Atlanta, GA. April 1999.
Stephen F. Bush. Active Virtual Network Management Prediction. Virtual Worlds (VWSIM) 2000, San Diego, CA. Jan 2000.
Bhattacharjee, Calvert, Zegura. Self-Organizing Wide-Area Network Caches, Proceedings of IEEE INFOCOM, 1998.
Li-wei H. Lehman, Stephen J. Garland, and David L. Tennenhouse. Active Reliable Multicast, Proceedings of IEEE INFOCOM, 1998.
Wetherall, David. Active Network Vision and Reality: Lessons from a Capsule-based System. 17th ACM Symposium on Operating Systems Principles.
Appendix A
Active Packet Details

Active Network Application Packet Programming
• Packet Class Definition Base Class*
  – Extend KU_SmartPackets_V2 or ReliableCommFW
  – Active Packets Must Be Serializable
  – Class Definitions Sent Before Packets Are Transmitted (Can Cause Delay Upon First Packet Transmission)

    // Base class for the active application's packets: a Magician SmartPacket that is serializable
    public class AA_Packet_Base extends magician.Node.KU_SmartPacket_V2
            implements java.io.Serializable {
        ...
    }

* The Magician EE is freely available as part of the Atropos library at http://Atropos.sourceforge.net/download.html
Application Base Class
    …
    // Custom serialization: describe the fields of the Atropos base class, then write the object
    private void writeObject(ObjectOutputStream out) throws IOException {
        try {
            Field[] comps =
                Class.forName("Atropos.java.lp.AtroposBase").getDeclaredFields();
            describeComponents(comps, out);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        out.defaultWriteObject();
    }
Extend AA_Packet_Base For Your Active Application
Programming the Packet
• Extend Base Class From Previous Slide
• exec() Method Overridden With Code to Be Executed
ANEP Packet:
    public class AA_Packet extends AA_Packet_Base {
        …
        // Runs at every active node the packet visits
        public void exec() {
            ...
        }
    }
Example: Active Ping
ANEP Packet:
    // Source_Address, Destination_Address, hasPinged, sendTime and rtt are fields carried with the packet
    public void exec() {
        String NodeName = GetNodeName();
        // First visit to the source: record the departure time
        if (NodeName.equals(Source_Address) && !hasPinged)
            sendTime = System.currentTimeMillis();
        if (NodeName.equals(Destination_Address)) {
            if (hasPinged) {
                // Back at the original source: report the round trip and stop
                rtt = System.currentTimeMillis();
                rtt = rtt - sendTime;
                System.out.println("SmartPingV2: Round trip time = " + rtt + " ms");
                halt();
            } else {
                // At the destination: swap addresses so the packet returns to its source
                hasPinged = true;
                Destination_Address = Source_Address;
                Source_Address = NodeName;
            }
        }
    }
Example: Active Ping Spatial View
[Figure: node A (Source) and node B (Destination). At A the packet runs the first branch (if NodeName.equals(Source_Address) && !hasPinged, sendTime = System.currentTimeMillis()) and is forwarded. At B it sets hasPinged = true, swaps Destination_Address and Source_Address, and is forwarded back. Back at A it computes rtt = System.currentTimeMillis() - sendTime, prints "SmartPingV2: Round trip time = ... ms" and calls halt().]
What part of the code tells the packet to travel to the Destination?
How does the returning packet “interact” with the initial packet?
SmallState: Leaving State Behind
ANEP Packet:
    import magician.Node.*;
    …
    if (NodeName.equals(Destination_Address)) {
        try {
            // Retrieve a SmallState object left on this node by earlier packets
            o = (Object) ActiveNodeManager.GetGlobalState("rQ");
            rQ = (AtroposQueue) o;
        } catch (NullPointerException e) {
            error = 1;
            System.out.println("AtroposPacket rQ does not exist");
        } catch (NoSuchElementException e) {
            error = 2;
            System.out.println("AtroposPacket rQ is empty");
        }
        …
SmallState: Leaving State Behind (continued)
ANEP Packet:
    import magician.Node.*;
    …
        // Update the SmallState object: add this packet to the queue and store it back on the node
        // (error 1 means rQ never existed, so there is nothing to add to)
        if (error == 0 || error == 2) {
            rQ.add((AtroposPacket) this);
            ActiveNodeManager.SetGlobalState("rQ", rQ);
        }
        halt();
    }
Active Packet Example Code
ANEP Packet:
    String NextNode;
    // Retrieve the list of adjacent nodes
    for (Enumeration e = ActiveNodeManager.getNeighbors().elements();
         e.hasMoreElements(); ) {
        NextNode = (String) e.nextElement();
        if (NextNode.equals(getSourceAddress())) {
            continue;   // do not send back to the node this packet came from
        }
        if (!isInOthers(NextNode, "snmp_others")) {
            InjectSnmp app = new InjectSnmp(NextNode);
            app.redundant = false;
            app.addresses = getOtherAtropos("snmp_others");
            app.Destination_Address = NextNode;
            // Send the application to the next neighboring node
            app.SendForProcessing(NextNode);
        }
    }
Appendix B
Active In-line Prediction Application

Injecting a Model into the Net (Self Prediction)
Goal: Active Virtual Network Management Prediction
[Figure: a distributed model gives prediction capability within/among systems at time (t + Lookahead), alongside the actual system at time (t). Deployment: best use of space and time. The virtual system mirrors the real system (active nodes AN-1, AN-4, AN-5 and links L-1 to L-4); LP and DP processes run on the active nodes.]
Properties
• Active Virtual Network Management Prediction (Atropos) is asynchronous
• One input queue for each Logical Process
• No restriction on the order in which messages are sent
• Virtual time is the simulation time as seen by individual processes
• Processes need not wait until they can safely process the next input message
• False messages cause a process to go backwards in simulation time
Accuracy-Performance Tradeoff
[Figure: four plots over time: Out of Tolerance Messages, Prediction Error, Look-ahead, Speedup.]
Experiment involved demanding more accuracy over time by reducing the error between predicted and actual values, however... this required more out-of-tolerance messages... the tradeoff was loss in Look-ahead... and loss in speedup.
Tangled Hierarchy Caused by Self Prediction
• Tangled Hierarchy
  – Virtual Time/real Time
  – Real Process/logical Process
  – Simulation of Atropos Predictive Management System
• Predictive SNMP Manager Uses Atropos to Optimize Polling of Atropos
  – Predictive Management System Uses Simulation (Lookahead)
• Experimental Validation
  – Predictive Network Management System Managing a Predictive Mobile Network
Cyclic Self-Prediction Refinement
• Prediction ends when preset look ahead is reached
• Previous predictions are refined as time progresses
Self Prediction: Experimental Validation of KC (estimated) and Error (E) given Hypotheses (Hn)
[Figure: plots of compression ratio (CR), Error (pkts) and Tolerance against hypothesis Hn.]
Inverse relationship between compression ratio and prediction error... however complexity and error are directly related.
Validating Hypotheses for Complex Systems (MDL)
Step 1. Collect Data Samples from the Complex System: Data (D)
Step 2. Form Hypothesis: Hypothesis (H)
Step 3. Validate Hypothesis (Prediction): Min{K(H)+K(E|H)} given Error (E)
-- Simple Illustration --
• Correlate Gene Function to Planetary Alignment: Small H, but a Large E
• “Correct” Planetary Alignment Algorithm to Predict Gene Function: Small E, but much larger H
• The True Hypothesis Describing Gene Function: Smallest Sum of H and E
Appendix C
Kolmogorov Complexity and Information Assurance

Complexity Estimation
[Figure not recoverable from the text.]

Context of Complexity for Vulnerability Analysis
[Figure: stages labelled Evaluate and Detect.]