ppt - Terena


Growth of the Internet: a permanent challenge for designers and network engineers
Jiří Navrátil [email protected]
European Future Networking Initiatives Workshop
22.2.2007 Amsterdam
Introduction to EFNI workshop
• Internet expansion and consequences
• Next generation of Internet (directions and supporting projects, FIND, GENI)
• New terminology: Slicing, Virtualization, PlanetLab, VINI, etc.
• New networking phenomena, concepts, approaches (DHT, P2P, CAN, ROS)
Partial visibility of the Internet from one router
BGP table analysis (from the routing tables)
Source: http://www.caida.org/tools/measurement/skitter/
What are the problems of the Internet?
Speed and capacity? In network backbones? In aggregation networks? The last mile? Wireless (ad hoc networks, WiMAX)?
Access to the network? From individual machines (PC, Mac, Linux), supercomputers, PDAs, phones, edge points
Distribution of services in the requested quality to end users: to universities and offices (thousands of sites in each country), to homes (millions of access points), to mobile users
Utilization of existing networks (measurement and monitoring): how do we know what users are doing and what they want, and what the loads of individual segments of the Internet are?
Security aspects?
Yes, definitely, all of these areas have their own difficulties and a clear road map for future developments.
However, they don't threaten the system as a whole.
The real problems of the IP world are in the principles
• IP addresses? Yes, before 1994 it nearly collapsed. The problem was postponed because of reusable private IP and NAT. That is the reason why IPv6 is not so hot.
• Naming? Yes, DNS still dominates and it has more and more problems; the other systems start to use their own naming strategy based on GUIDs.
• Routing? Yes, since 1989 BGP (a protocol based purely on agreement of ISPs - routing policy). All other known protocols are unacceptable, technically problematic and used just locally; many existing routes are not used, and the quality of routes is not under control.
BGP4? Yes, introducing the AS was a step to aggregation for routing purposes; it helps to postpone the problem with the effectiveness of routing.
AND the # of ISPs and # of ASes grow exponentially!
How the Internet Grows
In history: the growth of Internet routing tables
[Chart: #routes (0 to 80000) by year, 1988 to 2000; annotations: 350, expectations 70000 routes]
CIDR, private IP and NAT bring a slowdown of the growing RT
(in 2000 - 980 million users ???)
How AS growth brings problems to BGP
Growth in 94–06
Source: http://www.routeviews.org/dynamics
Remark: individual lines are prefixes (paths) from different peers.
This is the reason why your engineers need more and more powerful systems.
Flapping = routes on-off-on-off …
http://sahara.cs.berkeley.edu/jan2004-retreat/slides/mcc_rootcause_sahara.ppt
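As an added example (not part of the slides), a small monitor that turns the "on-off-on-off" definition above into a per-prefix flap count over a constructed BGP update log and flags the prefixes a flap-damping policy or a routing dashboard would single out; the tuple shape of the log is an assumption of the example.

```python
# Added example, not from the slides: count announce<->withdraw transitions
# per (peer, prefix) in a BGP update log and flag prefixes that flap
# ("on-off-on-off") too often, the signal a flap-damping policy or a
# routing dashboard acts on. The (time, peer, prefix, event) tuple shape
# is an assumption of this example.
from collections import defaultdict

# Constructed sample of BGP UPDATE events; "A" = announce, "W" = withdraw.
# Not real routing data (documentation prefixes).
SAMPLE_UPDATES = [
    (0, "peer1", "203.0.113.0/24", "A"),
    (30, "peer1", "203.0.113.0/24", "W"),
    (45, "peer1", "203.0.113.0/24", "A"),
    (70, "peer1", "203.0.113.0/24", "W"),
    (90, "peer1", "203.0.113.0/24", "A"),
    (0, "peer2", "198.51.100.0/24", "A"),
    (0, "peer1", "192.0.2.0/24", "A"),
    (500, "peer1", "192.0.2.0/24", "W"),
    (600, "peer1", "192.0.2.0/24", "A"),
]

def flap_times(updates):
    """Return {(peer, prefix): [timestamps of announce<->withdraw transitions]}.
    A repeated announce (attribute change only) is not counted, and a
    withdraw of a route never announced is not counted, so the count is conservative."""
    last_event = {}
    times = defaultdict(list)
    for ts, peer, prefix, event in sorted(updates):
        key = (peer, prefix)
        if key in last_event and last_event[key] != event:
            times[key].append(ts)
        last_event[key] = event
    return dict(times)

def unstable_prefixes(updates, window=300, max_flaps=3):
    """Flag (peer, prefix) pairs with more than max_flaps transitions inside
    any sliding window of `window` seconds; the value is the tripping count."""
    flagged = {}
    for key, ts_list in flap_times(updates).items():
        start = 0
        for end, ts in enumerate(ts_list):
            while ts - ts_list[start] > window:  # forget transitions older than the window
                start += 1
            if end - start + 1 > max_flaps:
                flagged[key] = end - start + 1
                break
    return flagged
```

With the sample above only 203.0.113.0/24 from peer1 trips the default threshold (4 transitions inside 300 s); the slow withdraw/re-announce of 192.0.2.0/24 does not.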
More about the weaknesses of the Internet
- performance bottlenecks at peering points
– ignores many existing alternate paths
– prevents sophisticated algorithms
– route selection uses fixed, simple metrics
– routing isn't sensitive to path quality (see next examples)
The Internet is ill suited to mission-critical applications
Paxson (95-97)
3.3% of all routes have serious problems
Labovitz (97-00)
10% of routes available <95% of time
65% of routes available <99.9% of time
3 minutes minimum detection time for failure
average recovery ~15 minutes
5% of faults last more than 2 hours 45 minutes
Chandra (01)
Wang (06)
80% of problems on the path are caused by routing
RON - Resilient Overlay Networks
David Andersen, Hari Balakrishnan, Frans Kaashoek, and Robert Morris
MIT Laboratory for Computer Science
http://nms.lcs.mit.edu/ron/
• Measure all links between nodes
• Compute path properties
• Determine best route
• Forward traffic over that path
Experimental testbed running for users.
Main problems:
- not suitable for disruptive operation,
- low statistics of problematic cases (waiting for errors)
[Slides: traceroute analysis via Abilene and via CALREN/CENIC; example of routing changes (path SLAC – CALTECH); ABwE overview]
THE PROBLEM IS NOT ONLY TO HAVE A NAME (registration)
but how TO HANDLE resolution (conversion from/to IP)
and UPDATE databases which are bigger and bigger
[Diagram: DNS hierarchy from the TLDs (com, .cz, .de, .nl) through .cvut., .ibm., .hp., .fel., .fjfi. to .fs.cvut.cz, with name servers (ns) at every level and recursing requests between them]
Most requests are resolved on the lowest level, but not all data are available => recursing requests.
Browsers: remember that each nice web page can contain several resolutions!! (references to icons/pictures/docs located somewhere on the Internet), and to see it, each must be resolved!!
All these systems were designed for traffic loads that reflect the rate and complexity of human activities.
How will DNS react to machine-to-machine applications (crawlers, traffic reviewers, ...)?
How robust and scalable is it, and how sensitive to attacks and misconfigurations?
What is the rate of DNS updates and the big volume of data it represents?
1-2 M updates/hour on root DNS
20 top ASes make 50% of updates (China, US, Spain)
97% of updates are from WINDOWS machines
Wrong coordination between DHCP and DNS for private IP can create unwanted traffic and requests to the global DNS.
This leakage is inappropriate from the traffic and also from the security aspects.
REFERENCE CAIDA papers:
A. Broido, E. Nemeth, kc claffy, Spectroscopy of Private DNS Update Sources
A. Broido, H. Shang, M. Fomenkov, Y. Hyun, kc claffy, The Windows of Private DNS Updates
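As an added example (not part of the slides or the CAIDA papers), a border-side check over constructed DNS log lines that flags the dynamic updates for private addresses which escape to external servers, the kind of leakage the slide describes; the log format, the RFC1918 meaning of "private" and the 192.0.2.53 stand-in for a global DNS server are assumptions of the example.

```python
# Added example, not from the slides: flag DNS dynamic updates for private
# addresses that leave the site for an external server. Assumptions: "private"
# means RFC1918, the log format is "<time> <client> -> <server> <opcode> <name>
# <type>", and 192.0.2.53 (documentation address) stands in for a global server.
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
10:00:01 192.168.1.20 -> 192.168.1.1 UPDATE 20.1.168.192.in-addr.arpa PTR
10:00:02 192.168.1.20 -> 192.0.2.53 UPDATE 20.1.168.192.in-addr.arpa PTR
10:00:03 10.5.0.7 -> 192.0.2.53 UPDATE workstation7.corp.example A
10:00:04 203.0.113.9 -> 192.0.2.53 QUERY www.example.org A
10:00:05 203.0.113.9 -> 192.0.2.53 UPDATE 9.113.0.203.in-addr.arpa PTR
10:00:06 203.0.113.9 -> 192.0.2.53 UPDATE 7.0.5.10.in-addr.arpa PTR
"""

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def reverse_zone_network(name):
    """'7.0.5.10.in-addr.arpa' -> 10.5.0.7/32, '16.172.in-addr.arpa' -> 172.16.0.0/16;
    None for names that are not IPv4 reverse names."""
    labels = name.lower().rstrip(".").split(".")
    octets = labels[:-2][::-1]
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(octets) <= 4:
        return None
    if not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    prefixlen = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), prefixlen))

def leak_reason(line):
    """Reason string if the line is a leaking update, else None."""
    _, client, _, server, opcode, name, _ = line.split()
    if opcode != "UPDATE" or is_rfc1918(ipaddress.ip_address(server)):
        return None  # queries, and updates that stay inside the site, are fine
    if is_rfc1918(ipaddress.ip_address(client)):
        return "update from private client %s to external server %s" % (client, server)
    net = reverse_zone_network(name)  # NATed host registering its private PTR outside
    if net is not None and any(net.subnet_of(p) for p in RFC1918):
        return "update for private reverse zone %s to external server %s" % (name, server)
    return None

def find_leaks(log_text):
    """Return [(time, reason)] for every leaking line in the log."""
    found = [(l.split()[0], leak_reason(l)) for l in log_text.splitlines()]
    return [(t, r) for t, r in found if r]
```

A site that serves the RFC1918 reverse zones and its internal forward zone on a local resolver, and refuses UPDATE at the border, keeps all three flagged lines from ever reaching a global server.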
NSF FIND "Future Internet Design"
in 2005 as a reaction to existing problems
• Creating the Internet you want in 10-15 years
• The Internet which society TRUSTS
• Support pervasive computing (from PDA to supercomputing)
• Connecting devices and users with all types of communication channels, from wireless to optical light paths
• Enable acceptance of further developments and innovations
from Darleen Fisher and Guru Parulkar, NSF-CISE presentation
Situation is getting worse
From: David Alderson, CALTECH, NSF FIND meeting, Dec. 2005
Larry Peterson, Princeton University: A Strategy for Continually Reinventing Internet (May 2005)
Why now?
Many architectural proposals (look at the statistics: RFCs, papers, etc.)
The research community is ready to make it real
Enabling technology
Infrastructure exists (NLR, PlanetLab, .. GN2, ..)
HOW?
Two paths for changes:
Incremental
Clean-slate (replace the Internet with a new architecture)
Many problems on the first path (many limits, hard to manage, vulnerability, hostile)
There are barriers to the second path:
The Internet is ossified, it cannot be replaced
Inadequate validation of potential solutions
Testbed dilemma:
production testbed = incremental change
experimental testbed = no real users!
Focus of FIND
On a reinvented Internet architecture and not on individual network technologies
Internet evolution influenced by the clean-slate approach
Alternate architecture(s) coexist with the current Internet
Virtualization becomes the norm with a plurality of architectures
New services and applications enabled
Defined Stages of Research for 2007 and Later
Architectures as they emerge will be made operational and tested:
• Simulation
• Emulation
• Run on a large-scale GENI facility
Experiments with new architectures at global scale
http://nile.wpi.edu/NS/
Peter A. Freeman, NSFVICE, Jan 2006
[Timeline: ? – 2007 – 2009 – ?]
Filling the GAP (validate new architectures under realistic conditions; keep potential deployment in sight)
Work on existing experimental infrastructure
Emulab front-end to PlanetLab
Experiments spanning some combination of… Emulab + ORBIT + WAIL + PlanetLab
ViNI: Virtualized Network Infrastructure
PlanetLab slices on layer 2 networks (NLR + Abilene)
Internet-in-a-Slice (Click + XORP)
Larry Peterson, Princeton University: A Strategy for Continually Reinventing Internet (May 2005)
Each architecture (service) runs in its own slice
PlanetLab node as INGRESS
NLR as high-speed backbone
In "A Strategy for Continually Reinventing Internet" (May 2005, Larry Peterson)
Distribution of load and functionality in hardware
Source: From GENI backbone working group
Why virtual architectures?
The programs that should control many different entities in real time with complex timing, often multiplicatively the same for different segments of huge systems, are rather complex.
You can separate the tasks into independent HW (computers), each responsible for a part of the whole system.
The reason is not only the distribution of the load but also the distribution of complexity.
The computers are more and more powerful, so they are ready to work in "pseudo parallel mode" and to accept some overhead. Application software is much simpler.
The next step is to create more independent systems (virtual machines, VMs) on one physical computer. Each VM can run one or more programs.
The complexity of writing and running an application is much lower than in the original design.
Generalized Packet Filters
• GPFs are the key to flexibility in this approach
– Extends the concept of "filters" normally found on routers
– A relatively small number of GPFs can be used as building blocks for a large number of applications
• Ideally, the database of GPFs precludes the writing of new code!
– Supports flexible classification, computation, and actions
– GPFs are executed in numeric order:
[Diagram: a packet passes through filter 1, filter 2, … filter n and finally the default filter, on top of an L2 switching engine with ARP]
Source:
http://sahara.cs.berkeley.edu/jan2004-retreat/index.html
http://sahara.cs.berkeley.edu/jan2004-retreat/slides/tsai_routervm_1-9-04.ppt
Classify-Infer-Act
• A server and router in "one"
– Tight integration between packet processing and routing
– High bandwidth (routers) and computation (servers)
[Diagram: Classify → Infer → Act pipeline; protocol classes Ethernet, IP, TCP, HTTP, iSCSI, FCIP, MPLS, ATM, …?; processing steps TCP/IP lookup, Intrusion Detect, NAT, Store/Ret. State, Error Detect, Checksum, Count/Tag, Forward, Drop, Route, Load Balance, Replace Fields, Resize Pkt, Encrypt, Compress, …?]
“Slicing” the SHARED IP layer on the horizontal level
[Diagram: router nodes RN1–RN5 in a core network between the edge nodes of domain X and domain Z; groups/classes of applications “G” (voice), “P” (video), “B” (data) and “Y” (interactive gaming), each with its own L3 sub-layer (sublayer 1–4 over links l1–l4) carrying different application packets; different L2 allocation between RNs and different routing for each L3 sub-layer; RN = router node (BASED ON PNE ?)]
Questions: Who can create the application layer?
Multi-user Java Environment
A standard Java Virtual Machine is a multi-thread-enabled but mono-application environment.
Sun's Multi-tasking Virtual Machine runs several Java applications, called isolates.
The overlay is the single application that runs in the JVM, but it allows several pseudo-applications to run concurrently on top of it.
JVM, ISOLATES etc.
http://java.sun.com/developer/technicalArticles/Programming/mvm/
Multi-user Java Environment
[Diagram: Open Service Gateway, MULTISERVICE MULTIUSER: the last mile from the INTERNET delivering IPTV, HDTV and VOD; gateway operator and service providers (VOD) behind the Open Service Gateway]
The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway).
The core gateway runs services accessible to all users.
However, contrary to Unix root users, the core gateway does not have access to the service gateways' data, files, etc., since these would belong to different, potentially competing companies.
Source: MUSE - INRIA
More details: http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf
Xen 3.0 Architecture
[Diagram: Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE; x86_32, x86_64, IA64; AGP, ACPI, PCI; VT-x). The Xen Virtual Machine Monitor provides the virtual CPU, the virtual MMU, event channels, a control interface and a safe hardware interface. VM0 holds the device manager and control software on a XenLinux GuestOS with native device drivers and back-end drivers; VM1 and VM2 run unmodified user software on XenLinux GuestOSes with front-end device drivers; VM3 runs unmodified user software on an unmodified GuestOS (WinXP) with front-end device drivers.]
http://www.planet-lab.org
VS – Virtual server: an independent OS (Linux, BSD) running on a VM, with its own administration including root, and its own file system and computation capability
VMM
Slice = set of VSs on different VMs
Node/Slice in PlanetLab
[Diagram: nodes N1–N10 with slices spanning subsets of them]
SLICE A1 (N3,N1,N2,N3,N4,N5,N6,N7,N8,N9)
SLICE A2 (N1,N5,N6,N4,N8)
SLICE A3 (N1,N2,N7,N10)
SLICE A4 (N3,N6,N5,N4)
On each node more users (slices) can run.
Each of them is running in its own virtual system.
One user can run more applications.
[Diagram: Node → SLICE → App1, App2, App3]
What is emulation?
The ability to mimic another machine on your computer. You can run the same programs that you would on whatever the other machine is.
[Diagram: wired testbed nodes behind a switch]
http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf
Thank you for your attention