NetServ Dynamic in-network service deployment

NetServ
Dynamic in-network service deployment
Henning Schulzrinne (Columbia University)
Srinivasan Seetharaman (Georgia Tech)
Volker Hilt (Bell Labs)
NetServ overview
Extensible architecture for core network services
• Modularization
– Building Blocks
– Service Modules
• Virtual services framework
– Security
– Portability
No more ossification in NGI
How is NetServ different from Active Networks?
• Active Networks
– Packet contains executable code
• Can modify router states and behavior
– Not successful
• Per-packet processing too expensive
• Security concerns
• No compelling killer app to warrant such a big shift
– Notable work: ANTS, Janos, Switchware
• NetServ
– Virtualized services on current, passive networks
• Service invocation is signaling driven, not packet driven
– Service modules are stand-alone, addressable entities
• Separate from packet forwarding plane
• Extensible plug-in architecture
Building Blocks
• Key components of network services
– Access to network-level resource
– Implementation of common functionality
• For example:
– Link monitoring and measurement
– Routing table
– Packet capture
– Data storage and lookup
Service Modules
• Full-fledged service implementations
– Use Building Blocks and other Service Modules
– Can be implemented across multiple nodes
– Invoked by applications
• Examples:
– Routing-related services
• Multicast, anycast, QoS-based routing
– Monitoring services
• Link & system status, network topology
– Identity services
• Naming, security
– Traffic engineering services
• CDN, redundancy elimination, p2p network support
Virtual Services Framework
• Container for Service Modules
– Security by module isolation (sandboxes)
– Portability by virtualization and common API to Building Blocks
• Features
– Dynamic distribution of modules
– Network service discovery
– AAA mechanisms
– Wide range of nodes: routers, servers, PCs, set-top boxes
Research objectives
1. Define requirements for service-oriented Internet architecture
2. Design architectural framework for virtualized services
3. Identify key building blocks
4. Develop service discovery and distribution mechanisms
5. Develop a content distribution service as a showcase application
Content Distribution Service: our showcase application
• CDN, the current kludge
– IP address conflates identity and location
– DNS abuse to get around it
• Content Distribution Service on NetServ Framework
– Based on generalized naming service module
• Ideas borrowed from other NGI proposals
– Also relies on network monitoring service module
• Together with policy info, underlies naming resolution
• Evaluation on GENI
Our initial approach
• Series of rapid prototyping cycles
– Identify technical challenges early on
– Start project with code rather than documents and slides
NetServ prototype technology overview
[Figure: prototype software stack. Labels:]
• Service Modules, written in Java
• Building Blocks, written in Java
• Virtual Services Framework, in Java using OSGi
• Java Native Interface (JNI) wrapper
• Building Blocks written in C/C++ (library functions and/or system calls)
• Click Modular Router (user or kernel mode)
Prototype technology: Click router
• Runs as a Linux kernel module or user-level program
• Modules written in C++ (called Elements) are configured in a text file
• Elements are arranged in a directed graph, which packets traverse
• Example:
– Click router command:
sudo click example.click
– Configuration file example.click:
FromDevice(en0)->CheckIPHeader(14)->IPPrint->Discard;
• http://www.read.cs.ucla.edu/click/
Prototype technology: OSGi
• Dynamic module system for Java
– Modules loaded and unloaded at runtime
– Bundle: self-contained JAR file with specific structure
– Open-source implementations: Apache Felix, Eclipse Equinox
• Security and accounting
– Security built on Java 2 Security model
• Permission-based access control
• No fine-grained control or accounting for CPU, storage, bandwidth
• Can load native code with appropriate permission
– Strict separation of bundles
• Classpath set up by Bundle class loader
• Inter-bundle communication only through published interfaces
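The pattern these bullets describe, as an added example (not NetServ code): a privileged system bundle publishes one narrow interface and wraps its privileged operation in doPrivileged, so an app bundle that lacks the permission can still call it. The package, class and interface names are hypothetical, a read of Linux's /proc/net/dev stands in for the prototype's JNI call, and a JVM with the Java 2 security manager enabled is assumed.

```java
// Added illustration, not NetServ code; package, class and interface names are hypothetical.
package netserv.example;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;

/** Activator of the privileged system bundle (holds FilePermission "/proc/net/dev", "read"). */
public final class LinkMonitorActivator implements BundleActivator {
    /** Published interface: the only type an app bundle imports and calls. */
    public interface LinkMonitor {
        long rxBytes(String ifName); // received-byte counter, or -1 if the interface is unknown
    }

    private ServiceRegistration<LinkMonitor> registration;

    @Override
    public void start(BundleContext ctx) {
        LinkMonitor svc = ifName -> {
            // doPrivileged stops the permission check at this bundle, so the caller needs
            // no FilePermission. The path is fixed; caller input is only compared.
            List<String> lines = AccessController.doPrivileged(
                (PrivilegedAction<List<String>>) LinkMonitorActivator::readProcNetDev);
            for (String line : lines) {
                String[] kv = line.trim().split(":\\s*", 2); // "eth0: 1234 ..." (header lines have no ':')
                if (kv.length == 2 && kv[0].equals(ifName)) {
                    return Long.parseLong(kv[1].split("\\s+")[0]); // first column is rx bytes
                }
            }
            return -1L;
        };
        registration = ctx.registerService(LinkMonitor.class, svc, null);
    }

    @Override
    public void stop(BundleContext ctx) {
        registration.unregister();
    }

    private static List<String> readProcNetDev() {
        try {
            return Files.readAllLines(Paths.get("/proc/net/dev"));
        } catch (IOException e) {
            return List.of(); // treat an unreadable file as "no interfaces known"
        }
    }
}
```

With security enabled, the app bundle would be granted only ServicePermission (get) for LinkMonitor and PackagePermission (import) for its package, and no FilePermission.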
1st prototype implementation
[Figure: first prototype, running as a single process. Labels:]
• User-level Click router
– NetServ Click element in C++: starts up a JVM
– Packet queue
• Java Native Interface (JNI)
• Java Virtual Machine
– Equinox open-source OSGi framework
– Privileged System Bundle (Java)
– Published interface
– App Bundle (Java)
Summary
• NetServ
– Architecture for dynamic in-network service deployment
– Modular and extensible
• Building Blocks and Service Modules
– Secure and portable
• Virtualized Services Framework
– And it is NOT Active Networks
• Content Distribution Service
– Our planned showcase application
• Our initial approach
– Rapid prototyping cycles
– Implementation using Click and OSGi