Defense - Computer Science Division


• Rather than designing and evaluating a solution to a technical problem, the paper articulates a sweeping vision of a future Internet that allows users to “program” network elements.
• It draws inspiration from mobile code and component-based software engineering.
• The GENI (Global Environment for Network Innovations) facility envisioned by the U.S. National Science Foundation has a similar notion of slice-level programmability.
• The paper has 825 citations and is widely used in graduate networking courses.
• The ACM SIGCOMM Computer Communications group calls this an “outstanding paper” whose contents are still a vibrant and useful contribution today.
• This presentation was inspired by D. Wetherall’s original work.
Present-day Routers
• Closed platform
• Main purpose is to route packets
• Hard to deploy new services
• Compared to the PC and the Web, the Internet is evolving at a snail’s pace
• Reason: the PC and the Web are programmable, so anyone can deploy new services
• Emergence of active technologies supporting the encapsulation and safe execution of program fragments
• Goal is to replace the numerous ad hoc approaches with a generic capability that allows users to program their networks
• Ad hoc collection of firewalls, Web proxies, multicast routers and mobile proxies that perform user-driven computation at nodes “within” the network
• Extend these technologies for use within the network, in ways that will change the notion of what is “in” the network
[Diagram: landscape of programmable-network systems, from the customer level down to packets and routers – Active Names, Active Services, IOS, ANTS, PLAN, PAN, Click, Plugins, Flow/Packet Manager. Related talks: Aleksandar on RED/ECN, Steve on PIM.]
• User-level reference platform
– ~10,000 lines, 100% Java, UDP overlay
– Nodes build on Java protection
• Publicly released since 1997
– http://www.cs.washington.edu/research/networking/ants/
– Used at MIT, Utah, TIS, TASC, SRI, UIUC, UCLA, …
– ANTS2.0 is the latest release, led by Utah
Main idea: users can insert code into the network and run computations on the packet. Example applications:
• Firewalls – authorized application vendors can authenticate themselves and inject appropriate modules into the firewall
• Nomadic router – users can adapt video to fit their bandwidth/screen size depending on the available bandwidth of the link
• Web proxies – Web caches can generate dynamic web pages
• Wireless – a wireless base station can retransmit packets
• Sensor fusion – allow users to see composite images constructed by fusing information obtained from a number of sensors
[Diagram: who programs the node – Cisco, or authorized vendors, or end users; how – install the program onto the router, or let the packet carry the program (as a program/function name, scripts, or binaries); the packet carries a reference that resolves to code.]
Reference is based on fingerprint:
– Efficient: MD5 is 128 bits, quick to compute
– Prevents code spoofing: verify without trust
– No need for “standards body”: distributed naming
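The following is an added example, not code from the paper or from ANTS, of how a node can resolve a fingerprint-based code reference and admit code without trusting its sender. The capsule format, the node's cache and the toy one-operation-per-line "code" are assumptions for the demo. The slide names MD5; because MD5 collisions can now be produced cheaply, the example defaults to SHA-256 but carries the algorithm in the reference so either verifies the same way.

```python
"""Fingerprint-based code references (added example; not ANTS code).

Assumed model: a capsule names the code it wants run by the hash of that
code's bytes. A node keeps a cache keyed by fingerprint; code that arrives
with a capsule is admitted only if it hashes to the reference the capsule
claims, so the node verifies it without trusting the sender.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


# The slide cites MD5 (128 bits, quick to compute). MD5 collisions are cheap
# today, so a deployment now would name code by SHA-256; the algorithm is part
# of the reference, so the check below is identical either way.
def fingerprint(code: bytes, algo: str = "sha256") -> str:
    """Distributed naming: the name of a code unit is the hash of its bytes."""
    return f"{algo}:{hashlib.new(algo, code).hexdigest()}"


@dataclass
class Capsule:
    reference: str                 # fingerprint of the code this capsule wants run
    payload: bytes
    code: Optional[bytes] = None   # the code itself may travel with the capsule


# Toy instruction set (assumed): each line of the code is one operation on the payload.
_OPS = {
    b"upper": lambda p: p.upper(),
    b"reverse": lambda p: p[::-1],
    b"strip": lambda p: p.strip(),
}


def run_code(code: bytes, payload: bytes) -> bytes:
    for line in code.splitlines():
        op = _OPS.get(line.strip())
        if op is None:
            raise ValueError(f"unknown operation {line!r}")
        payload = op(payload)
    return payload


class ActiveNode:
    def __init__(self) -> None:
        self.cache: Dict[str, bytes] = {}   # fingerprint -> verified code
        self.rejected = 0                   # code units that failed verification

    def load(self, reference: str, code: bytes) -> bool:
        """Admit code only if it hashes to the claimed reference (prevents code spoofing)."""
        algo = reference.split(":", 1)[0]
        if fingerprint(code, algo) != reference:
            self.rejected += 1
            return False
        self.cache[reference] = code
        return True

    def dispatch(self, capsule: Capsule) -> Optional[bytes]:
        """Resolve the reference to verified code and run it; None if it cannot be resolved."""
        code = self.cache.get(capsule.reference)
        if code is None and capsule.code is not None and self.load(capsule.reference, capsule.code):
            code = capsule.code
        if code is None:
            return None
        return run_code(code, capsule.payload)


if __name__ == "__main__":
    node = ActiveNode()
    code = b"strip\nupper\nreverse"
    ref = fingerprint(code)
    print(node.dispatch(Capsule(ref, b" hello ", code)))   # code admitted, then run
    print(node.dispatch(Capsule(ref, b"abc")))               # served from the cache
    spoof = Capsule(ref, b"abc", b"strip")                   # different code under a known name
    print(ActiveNode().dispatch(spoof), "<- rejected, not run")
```

A capsule that presents code not matching its reference is dropped and counted; nothing it carries is executed. Because the name is derived from the bytes, two parties that independently write the same code get the same name with no standards body in the loop.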
Where does the code run? On special active nodes, or on any router. Example functions by layer:
• Network  Routing
• Transport  Packet filtering
• Application  Compression
Q: Can we deploy important services?
A: Yes.
– Well-suited to experimenting with protocol variations (rather than computation pushed into the network)
– Exceptions: enforcing policy at a point (firewalls) and resource control (guaranteed service)
Q: Is performance a show-stopper? (The model is more expensive than IP.)
A: No.
– Very few extra steps over IP in the common case, and the extra steps (demux, safe eval) are known to run fast
Q: Can untrusted users program the network?
A: Partly. This is difficult!
– Program isolation: solved
– Program starvation: not solved
Approaches to Active Networks
• Discrete: packets are sent normally, but the header identifies an additional function to operate on the packet (which may change it)
• Integrated: packets carry code with them, and the code gets executed from node to node
Capsules  packets that carry code (and maybe data). Processing at an active node:
– Capsule arrives at an active node
– Its contents are evaluated: the capsule contents are dispatched to a transient execution environment
– If required, “external” methods can be invoked; these may change the non-transient state of the node
– The transient environment is destroyed when done
Techniques
• Foundation components: implement external methods that provide controlled access to resources
• Active storage: capsules can leave information behind in a node’s non-transient environment (soft state)
• Extensibility: capsules can “plant” uniquely named classes and methods at nodes, for reference by others
Capsule Primitives
• Limited set of primitive actions
• Extended through the addition of external methods
• Achieving portability/mobility:
  – Express in a high-level language – Safe-TCL
  – Byte-coded virtual instruction set – Java
  – Platform-dependent binary format, arranging for each capsule to carry different binary encodings – traditional OS approaches
Safe and Efficient Execution
Restrict the namespace of the capsule to the transient environment
Any capsule that accesses methods outside of that space must first authenticate itself
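An added example, not code from the paper or from ANTS, showing the execution model of the last few slides together: a capsule program evaluated in a throwaway environment whose namespace contains only primitives, external methods (foundation components) that are reachable only after the capsule authenticates, and soft state planted in the node's non-transient store. The instruction set, the HMAC-based authentication under a key shared with authorized vendors, and the method names `route`, `store` and `fetch` are assumptions for the demo.

```python
"""Safe execution of a capsule in a transient environment (added example; not ANTS code).

Assumed model: a capsule's program is a list of instructions evaluated in a
throwaway environment whose namespace holds a few primitives only. A call to an
"external" method (a foundation component giving controlled access to node
resources) is allowed only if the capsule authenticates itself, here with an
HMAC over its program under a key the node shares with authorized vendors.
Authenticated capsules may plant soft state in the node's non-transient store;
everything else dies with the environment.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple


@dataclass
class Capsule:
    program: List[Tuple[Any, ...]]   # e.g. ("add", 3), ("ext", "route", "eth1")
    auth: bytes = b""                # HMAC-SHA256 over repr(program), or empty


def authenticate(key: bytes, program: List[Tuple[Any, ...]]) -> bytes:
    """Vendor side: produce the tag a capsule must carry to call external methods."""
    return hmac.new(key, repr(program).encode(), hashlib.sha256).digest()


class ActiveNode:
    def __init__(self, vendor_key: bytes) -> None:
        self.vendor_key = vendor_key               # assumed shared with authorized vendors
        self.soft_state: Dict[str, Any] = {}       # non-transient; outlives capsules
        self.audit: List[str] = []
        # Foundation components: the only doors out of the transient environment.
        self.external = {"route": self._route, "store": self._store, "fetch": self._fetch}

    def _route(self, env: Dict[str, Any], iface: str) -> None:
        env["out"] = iface                         # choose the outgoing interface

    def _store(self, env: Dict[str, Any], key: str, value: Any) -> None:
        self.soft_state[key] = value               # capsule plants soft state

    def _fetch(self, env: Dict[str, Any], key: str) -> None:
        env["acc"] = self.soft_state.get(key, 0)   # read soft state left by earlier capsules

    def _is_authenticated(self, capsule: Capsule) -> bool:
        expected = authenticate(self.vendor_key, capsule.program)
        return hmac.compare_digest(expected, capsule.auth)

    def evaluate(self, capsule: Capsule) -> Dict[str, Any]:
        """Run the capsule and return a snapshot of its transient environment."""
        env: Dict[str, Any] = {"acc": 0, "out": None, "error": None}
        # Restricted namespace: primitives can touch nothing but `env`.
        primitives = {
            "add": lambda n: env.__setitem__("acc", env["acc"] + n),
            "mul": lambda n: env.__setitem__("acc", env["acc"] * n),
        }
        for op, *args in capsule.program:
            if op in primitives:
                primitives[op](*args)
            elif op == "ext":
                name = args[0]
                if not self._is_authenticated(capsule):
                    self.audit.append(f"denied ext:{name} (unauthenticated)")
                    env["error"] = "unauthenticated"
                    break
                if name not in self.external:
                    env["error"] = f"no such external method {name}"
                    break
                self.external[name](env, *args[1:])
            else:
                env["error"] = f"unknown op {op}"
                break
        # `env` is returned for inspection only; the node keeps no reference to
        # it, so the transient environment is gone once the caller drops it.
        return env
```

The unauthenticated path is the important one: the capsule still runs its primitives, but the first attempt to leave the sandbox stops it and is recorded, and the node's non-transient state is untouched.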
Available technologies for capsule programs:
• Source code – example: Safe-TCL (high level)
  – Advantages: human readable, and simple programs can be composed quickly
  – Disadvantages: overhead of source code interpretation and overall size of programs
• Intermediate code – example: Java (byte-code)
  – Advantages: significant improvement in efficiency by off-loading some responsibility from the interpreter
  – Disadvantages: still an interpreted language
• Platform-dependent binary code – example: traditional OS approaches (binary)
  – Advantages: directly executed by the underlying hardware; creates a sandbox
  – Disadvantages: requires a sophisticated compiler
Tradeoffs: features (portability, flexibility, mobility) against cost and complexity.
Traditional Approach
• Standardize the syntax and semantics of the packet
• Internet routers all support the agreed IP specifications
• Not to be confused with dominance! Routers can still implement their own programs that are roughly “equivalent”
Active Networks Approach
• Active networks can execute many different programs
• Instead of syntax and semantic standardization, standardize the computational model (instruction set + available resources)
Node resources
• Each capsule could leverage a wide range of resources, so the system could be complex.
• Each of the resources should be named, have its attributes specified and be carefully allocated.
• Resource types: processing capability, Tx bandwidth, transient storage, interoperability, logical storage, active storage.
• Tx bandwidth: the link abstraction must encompass the units of bandwidth allocation and take into account the traffic patterns generated.
• Processing capability: easier to abstract. In most cases it is sufficient to assign every capsule a default allocation that protects against runaway computations.
• Transient storage: addressed on two axes, the storage utilized during specific intervals and the duration of those intervals. Most capsules free storage quickly; for those that don’t, a garbage collection mechanism can be implemented.
• Active storage: storage of components that outlive the execution of individual capsules, for example on-demand loaded components.
• Logical storage: a mechanism for naming logical resources becomes necessary.
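An added example, not code from the paper or from ANTS, of the two resource-control points made above: a default per-capsule allocation of processing steps, transmission units and transient storage that aborts a runaway capsule, and transient storage accounted by bytes held and interval held, with a collector that reclaims expired allocations. The instruction set (including the `jump` that makes loops possible) and the budget numbers are assumptions for the demo.

```python
"""Default per-capsule resource allocation with garbage collection (added example; not ANTS code).

Assumed model: every capsule gets a default budget of processing steps,
transmission units and transient storage bytes; exceeding any of them aborts
the capsule, which is what protects the node against runaway computation.
Transient storage is accounted on two axes, bytes held and the interval they
are held for, and a collector reclaims allocations whose interval has expired.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Budget:
    steps: int = 200             # processing capability
    tx_units: int = 4            # units of link bandwidth
    storage_bytes: int = 4096    # transient storage


@dataclass
class Allocation:
    owner: str
    size: int
    expires_at: int              # tick at which the holder's interval ends


class BudgetExceeded(Exception):
    pass


class ResourceManager:
    def __init__(self, default: Budget = Budget()) -> None:
        self.default = default
        self.allocations: List[Allocation] = []
        self.now = 0             # node clock, in ticks

    def run(self, capsule_id: str, program: List[Tuple[Any, ...]],
            budget: Optional[Budget] = None) -> Dict[str, Any]:
        """Execute `program` under its budget; returns usage and status."""
        b = budget or self.default
        used = {"steps": 0, "tx_units": 0, "storage_bytes": 0}
        pc = 0
        try:
            while pc < len(program):
                used["steps"] += 1                 # every instruction costs one step
                if used["steps"] > b.steps:
                    raise BudgetExceeded("steps")
                op, *args = program[pc]
                if op == "tx":                     # send args[0] units on a link
                    used["tx_units"] += args[0]
                    if used["tx_units"] > b.tx_units:
                        raise BudgetExceeded("tx_units")
                elif op == "alloc":                # hold `size` bytes for `ttl` ticks
                    size, ttl = args
                    used["storage_bytes"] += size
                    if used["storage_bytes"] > b.storage_bytes:
                        raise BudgetExceeded("storage_bytes")
                    self.allocations.append(Allocation(capsule_id, size, self.now + ttl))
                elif op == "jump":                 # backward jumps make loops possible
                    pc = args[0]
                    continue
                elif op != "nop":
                    raise ValueError(f"unknown op {op}")
                pc += 1
            status = "ok"
        except BudgetExceeded as exc:
            status = f"aborted:{exc}"
            # Storage held by an aborted capsule is released immediately.
            self.allocations = [a for a in self.allocations if a.owner != capsule_id]
        return {"status": status, **used}

    def tick(self, n: int = 1) -> None:
        self.now += n

    def collect(self) -> int:
        """Garbage-collect expired transient storage; returns bytes reclaimed."""
        live = [a for a in self.allocations if a.expires_at > self.now]
        reclaimed = sum(a.size for a in self.allocations) - sum(a.size for a in live)
        self.allocations = live
        return reclaimed

    def storage_in_use(self) -> int:
        return sum(a.size for a in self.allocations)
```

A program that jumps back to itself never finishes on its own; the step budget ends it after exactly the default allocation, without the node having to understand the program. The collector handles the second axis, releasing storage from well-behaved capsules only once their declared interval has passed.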
• Safe manipulation of node resources can be partitioned into three types of activities:
  – Dynamic assignment: dynamic resource allocation
  – Validation: authenticate the capsule source, authorize it and verify it has not been tampered with (achieved through cryptography)
  – Delegation: delegation of authorization
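An added example, not code from the paper or from ANTS, of the validation and delegation activities just listed in one scheme. The construction is an assumption: the node shares a root key with each authorized vendor; a vendor delegates to a user by deriving a key from the root key and a caveat naming the user and the external methods they may call (macaroon-style key chaining); the capsule carries the vendor id, the caveat, its program and a MAC under the derived key. The node recomputes the derived key, so one MAC check authenticates the source and detects tampering, and a second check enforces the delegated scope. All keys, names and method names are constructed.

```python
"""Capsule validation with delegated authorization (added example; not ANTS code).

Assumed scheme: vendor root key shared with the node; user_key = HMAC(vendor_key,
caveat); capsule MAC = HMAC(user_key, canonical capsule body). The node needs
only the vendor root keys to validate capsules from any delegated user.
"""
import hashlib
import hmac
import json
from typing import Any, Dict, List, Tuple


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def delegate(vendor_key: bytes, user: str, scope: List[str]) -> Tuple[str, bytes]:
    """Vendor side: bind a user and a method scope into a caveat and derive their key."""
    caveat = json.dumps({"user": user, "scope": sorted(scope)}, sort_keys=True)
    return caveat, mac(vendor_key, caveat.encode())


def _canonical(capsule: Dict[str, Any]) -> bytes:
    """Deterministic encoding of everything in the capsule except its MAC."""
    body = {k: v for k, v in capsule.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_capsule(user_key: bytes, vendor: str, caveat: str,
                 program: List[List[str]]) -> Dict[str, Any]:
    """User side: assemble a capsule and seal it with the delegated key."""
    capsule: Dict[str, Any] = {"vendor": vendor, "caveat": caveat, "program": program}
    capsule["mac"] = mac(user_key, _canonical(capsule)).hex()
    return capsule


class Validator:
    def __init__(self, vendor_keys: Dict[str, bytes]) -> None:
        self.vendor_keys = vendor_keys   # root keys of authorized vendors

    def validate(self, capsule: Dict[str, Any]) -> Tuple[bool, str]:
        vendor_key = self.vendor_keys.get(capsule.get("vendor", ""))
        if vendor_key is None:
            return False, "unknown vendor"
        try:
            derived = mac(vendor_key, capsule["caveat"].encode())
            claimed = bytes.fromhex(capsule["mac"])
        except (KeyError, ValueError, AttributeError):
            return False, "malformed capsule"
        # Authentication + integrity: a wrong key, or any change to vendor,
        # caveat or program, yields a different MAC.
        if not hmac.compare_digest(mac(derived, _canonical(capsule)), claimed):
            return False, "bad mac: wrong key or tampered"
        # Authorization: every external method must lie in the delegated scope.
        scope = set(json.loads(capsule["caveat"])["scope"])
        for op in capsule.get("program", []):
            if op[0] == "ext" and op[1] not in scope:
                return False, f"method {op[1]} outside delegated scope"
        return True, "ok"
```

Because the caveat is an input to the key derivation, a user cannot widen their own scope: editing the caveat changes the key the node derives, and the MAC no longer verifies. Delegation therefore costs the node no per-user state.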
• An effort of the research community to deploy a wide-area ActiveNet
• The issues that will be faced are the same as in the design of the current Internet
• At first ActiveNet will adopt the technologies of the old Internet
• Also new algorithms that will leverage the new pool of active nodes
• Traditional network architectures separate the upper (end-to-end) layers from the lower (hop-by-hop) layers.
• The network layer bridges in between.
• Active networks challenge this model.
  – Computations performed in the network can be user and application specific, and user data is accessible to them.
• How is interoperability achieved?
  – In the old Internet, nodes perform equivalent computations on the packets flowing through them.
  – Active networks are capable of performing many different computations. Here the consensus is in the program encoding and the computation environment.
• Isn’t the trend to have less functionality in the network?
  – Actually it has been towards increasing computation.
• What’s the impact on the layered reference model?
  – The OSI model has proven useful but it shows cracks:
    • Services at or below the network layer are presumed to be user and application neutral.
    • It deals poorly with upper-layer services that are physically interposed between endpoints.
    • It doesn’t model the recursion that occurs at the network layer (tunnelling of networks).
    • Upper layers are of diminished importance.
  – There is already ongoing research about changes to the OSI model.
• What about the end-to-end argument?
  – The designer’s objective should be an acceptable level of reliability in the lower layers that does not trigger excessive intervention by the end-to-end mechanism.
  – Active networks actually allow this guideline to be followed more accurately, by allowing applications to partition functionality between end points and intermediaries.
• Why hasn’t this been done before? Why try now?
  – Mainly because the technologies required have evolved to a certain point (e.g. code mobility).
• SANE at the University of Pennsylvania.
• Georgia Tech – congestion control.
• Bowman, an OS for active nodes.
• ARM, an active router architecture for multicasting.
• Definitely an exciting step in network design.
• Can potentially solve many of the current problems in passive networks, with a wide application range.
• Will increase the pace of innovation, through rapid deployment and testing of new research.
• However, most of the current implementations haven’t been deployed on a large-scale network.
• Security requirements are enormous and we’re still working on it!