Friends of Young Minds

Download Report

Transcript Friends of Young Minds

ANTS: A Toolkit for
Building and Dynamically
Deploying Network Protocols
David Wetherall, John Guttag, and David Tennenhouse
Defense by Amit Saha
March 25th, 2004, Rice University
Outline of the talk
2
 Motivation
 Architecture


Goals
Components
 Examples
 Related work
 Conclusion
3
Motivation
 Easily build and deploy network protocols at
intermediate nodes as well as end points
4
Architecture - Goals
 Simultaneous support for multiple network
protocols
 Support new protocol construction – no
centralized authority
 Support dynamic deployment – no down
time
5
Architecture - Components
 Capsules
 Active nodes
 Code distribution
6
Architecture - Hierarchy
Unit of programming protection
Protocol
Code group
Capsule
Code group
Capsule
Capsule
Unit of code transfer
Unit of message
forwarding
Capsule
7
 A capsule is a replacement for a packet

Reference to forwarding routine
 Fingerprint based identifier reduces
danger of protocol spoofing
Identifier
(MD5)
Source
Shared
header
Type dependant
header
Destination
Payload
Resource limits
Active node
8
 Exports a set of node primitives

Determines what kind of processing routines
can be deployed by applications
 Execution model


Optimized for packet forwarding
Can be extended to generalized computation
Active node primitives
9
 Environment access

Query routing tables, state of links, etc
 Capsule manipulation

Access to capsule headers and payload
 Control operations

Create, copy, forward, discard capsules
 Node storage

Manipulate short-lived application-defined
objects
10
Active node execution model
 Forwarding routines



Immutable and fixed at sender
Run locally within a short time
Memory and bandwidth usage is bounded by a
TTL like scheme
 Only capsules belonging to the same
protocol may share state
 A capsule cannot create new capsule of a
different protocol
11
Active node execution model
 Not all nodes need to be active nodes
 Sandboxing and Java byte code
verification used for protection
Code distribution
12
 Unfeasible approaches


Carry entire program in capsule
Pre-load program into all active nodes
 Couple code transfer with data transfer


Distributes code to where needed
Adapts to connectivity changes
13
Code distribution steps
Capsule
Search cache
Request
Response
Code group
Code group
Capsule
Example – Mobile hosts
14

Mobile IP like protocol with two
cooperating capsule types
1. Register: Sent by mobile host to register
forwarding information
2. Data: Used by other hosts to send messages
to mobile host
15
Example – Mobile hosts
Sourc
e
Home
agent
Dest
(home
)
Foreign
agent
Dest
(away)
16
Example – Multicast
Member
Sender
Intermediate
node
Member
Related work
17
 Softnet (1983)


Seminal work; safety and efficiency ?
Most similar to this work
 x-kernel (1991)


Dynamic composition of micro-protocols on a
per packet basis
Inherently less flexible since restricted to a
set of micro-protocols
 Messenger paradigm (1995)

End-to-end in nature
18
Conclusion
 Rapid deployment of new protocols to
exactly the required nodes
 No advance consensus required about
protocols