Slides - TNC 2007


The latest developments in FIND/GENI projects and their influence on European Networking
Jiří Navrátil [email protected]
Terena Networking Conference 2007, 21-24.5.2007, Lyngby/Denmark
Agenda
• Internet expansion and consequences
• Fundamental problems of the Internet
• Next generation of the Internet (directions and supporting projects, GENI, FIND)
• New network architectures (overlay networking, virtualized GRID)
• European projects (OneLab, Phosphorus, UCLP, FEDERICA)
Internet expansion
• Web (1990s), p2p (2000), video, IPTV, wireless (today), sensors (tomorrow)
• Asia, Europe, North America, …, Africa
• A trillion devices expected in the near future
• Problems: technical and social
  capacity on the last mile, guaranteed bandwidth, path stability, …
  viruses, attacks, unwanted mail, phishing, etc.
• Wide discussion in the Internet community about the future; the problems are raised in many forms and on many forums,
  but there is NO STRENGTH to change the fundamentals of the existing Internet
• NSF came with GENI, which is trying to find a way to change the Internet from the base (REINVENTING)
Future Internet
• Creating the Internet you want in 10-15 years
• An Internet which society can TRUST
• Support for pervasive computing (from PDA to supercomputing)
• Connecting devices and users over all types of communication channels, from wireless to optical light paths
• Enabling and accepting further developments and innovations
Two paths for changes
Larry Peterson, Princeton University: A Strategy for Continually Reinventing the Internet (May 2005)
Incremental
Clean-Slate (replace the Internet with a new architecture)
Many problems on the first path
(many limits, hard to manage, vulnerable, hostile environment)
There are barriers on the second path:
  the Internet has ossified and cannot simply be replaced
  inadequate validation of potential solutions
  the testbed dilemma:
    production testbed = incremental change only
    experimental testbed = no real users!
Why now?
  many architectural proposals (statistics: new RFCs, papers, etc.)
  enabling technology
  infrastructure exists (NLR, PlanetLab, … GN2, …)
  the research community is ready to make it real
Where are the fundamental problems and what is the most actual (first-order) problem?
The real problems of the IP world are in the principles (core functionality):
• IP addresses? Before 1994 the address space nearly collapsed. The problem was postponed by reusable private IP addresses and NAT; this is the reason why IPv6 is not so hot.
• Naming? DNS still dominates and it has more and more problems.
• Routing? Since 1989 BGP (a protocol based purely on agreement between ISPs' routing policies). All other known protocols are unacceptable or technically problematic and are used only locally;
  many existing routes are not used, and the quality of routes is not under control.
• BGP4? Introducing the AS was a step towards aggregation for routing purposes; it helps to postpone the problem of routing effectiveness.
Reality: the number of ISPs and the number of ASes grow exponentially!
How the Internet grows
Figure: The growth of Internet routing tables, in history and expectations (x axis: 1988, 92, 94, 95, 96, 97, 98, 99, 2000; y axis: #routes, 0-80000; from about 350 routes in 1988 to an expected 70,000 routes around 2000).
CIDR, private IP addresses and NAT slowed the growth of routing tables.
AS growth brings problems to BGP.
Figure: Growth in 94-06; individual lines are prefixes (paths) from different peers. Source: http://www.routeviews.org/dynamics
Figure: Internet users (annotations: 141 mill./year; total 1,114; 326 mill. new users/year). Source: http://www.internetworldstats.com/images/users.gif
Figure: Partial visibility of the Internet from one router; BGP table analysis (from the routing tables). Source: http://www.caida.org/tools/measurement/skitter/
More about the weaknesses of the Internet
– performance bottlenecks at peering points
– ignores many existing alternate paths
– prevents sophisticated algorithms
– route selection uses fixed, simple metrics
– routing isn't sensitive to path quality (see the next examples)
The Internet is ill suited to mission-critical applications:
Paxson (95-97): 3.3% of all routes have serious problems
Labovitz (97-00): 10% of routes available <95% of the time; 65% of routes available <99.9% of the time;
  3 minutes minimum detection time for a failure; average recovery ~15 minutes; 5% of faults last more than 2 hours 45 minutes
Chandra (01)
Wang (06): 80% of problems on the path are caused by routing
The DNS system was designed for identifying IP objects (computers, routers).
Since the WEB appeared, DNS has become a tool for identifying Internet objects (INFORMATION)!
The DNS system was designed for traffic loads that reflect the rate and complexity of human activities!
How will DNS react to machine-to-machine applications (crawlers, traffic reviewers, …)?
How robust and scalable is it, and how sensitive to attacks and misconfigurations?
1-2 M updates/hour on the root DNS (from misconfigurations)
20 top ASes make 50% of the updates (China, US, Spain)
97% of such updates come from WINDOWS machines
Wrong coordination between DHCP and DNS for private IP addresses can create unwanted traffic and requests to the global DNS.
This leakage is inappropriate from the traffic and also from the security aspect.
REFERENCE, CAIDA papers:
A. Broido, E. Nemeth, kc claffy, Spectroscopy of Private DNS Update Sources
A. Broido, H. Shang, M. Fomenkov, Y. Hyun, kc claffy, The Windows of Private DNS Updates
THE PROBLEM IS NOT ONLY TO HAVE A NAME (registration)
but how TO HANDLE resolution (conversion from/to IP) and how to UPDATE databases which are bigger and bigger.
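The DHCP/DNS leakage above is something a site operator can catch at the border before it reaches the root or TLD servers. The following Python filter is an added example written for this transcript, not code from the talk or from the CAIDA papers: it classifies outbound dynamic-update attempts and reports which internal hosts are misconfigured. The record format, the internal DDNS server 10.1.0.53, the list of non-public suffixes and the sample records are all constructed assumptions.

```python
"""Classify outbound DNS dynamic UPDATE attempts observed at a site border.

Constructed example: the record format, the internal DNS server list, the
suffix list and the sample records below are assumptions, not real data."""
import ipaddress
from collections import Counter

# Assumption: this site's own DDNS-capable name servers; updates to them are normal.
INTERNAL_DNS = {ipaddress.ip_address("10.1.0.53")}

# Addresses that must never appear as rdata in an update that leaves the site.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Suffixes not delegated in the public DNS (assumed list; typical of leaked Windows updates).
NON_PUBLIC_SUFFIXES = {"local", "localdomain", "lan", "home", "internal", "workgroup"}


def is_non_routable(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in NON_ROUTABLE)


def parse_update_line(line: str) -> dict:
    """Constructed record format: time src dst zone name rrtype rdata (whitespace separated)."""
    time, src, dst, zone, name, rrtype, rdata = line.split()
    return {"time": time, "src": src, "dst": dst, "zone": zone,
            "name": name, "rrtype": rrtype, "rdata": rdata}


def classify(rec: dict):
    """Return (verdict, reasons). 'allow' = update to our own server; 'block' = a leak that
    must never leave the site; 'review' = external dynamic update needing a policy decision."""
    if ipaddress.ip_address(rec["dst"]) in INTERNAL_DNS:
        return "allow", []
    reasons = []
    zone = rec["zone"].rstrip(".").lower()
    if "." not in zone:                         # "" is the root; a single label would be a TLD
        reasons.append("update aimed at the root or a TLD zone")
    suffix = zone.rsplit(".", 1)[-1]
    if suffix in NON_PUBLIC_SUFFIXES:
        reasons.append(f"non-public suffix .{suffix}")
    if rec["rrtype"] in ("A", "AAAA") and is_non_routable(rec["rdata"]):
        reasons.append(f"non-routable address {rec['rdata']} in rdata")
    if reasons:
        return "block", reasons
    return "review", ["dynamic update to an external server"]


def summarize(log_text: str):
    """Verdict counts plus the sources that leaked, so the DHCP/DNS setup can be fixed at the host."""
    verdicts, leakers = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        verdict, _ = classify(parse_update_line(line))
        verdicts[verdict] += 1
        if verdict == "block":
            leakers[line.split()[1]] += 1
    return verdicts, leakers


# Constructed sample records (not a real capture); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
2007-05-21T10:01:02Z 10.1.2.34 203.0.113.4 corp.local ws0123.corp.local A 10.1.2.34
2007-05-21T10:01:05Z 10.1.2.35 10.1.0.53 corp.example ws0124.corp.example A 10.1.2.35
2007-05-21T10:01:09Z 10.1.2.36 203.0.113.4 . ws0125 A 10.1.2.36
2007-05-21T10:02:11Z 10.1.7.8 203.0.113.9 dyn.example.net host8.dyn.example.net A 198.51.100.8
2007-05-21T10:02:40Z 10.1.2.34 203.0.113.4 corp.local ws0123.corp.local AAAA fe80::1
"""

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(classify(parse_update_line(line)))
    print(summarize(SAMPLE_LOG))
```

The private-address and non-public-suffix rules are deliberately not applied to updates sent to the site's own servers, because there they are the normal DHCP-driven dynamic DNS; the point of the filter is the destination, not the content alone.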
Figure: DNS hierarchy. Root/TLD name servers (TLD com, .cz, .de, .nl), zone name servers below them (.cvut., .fel., .fjfi., .fs.cvut.cz, .ibm., .hp.), browsers resolving a URL (server/datapath); recursing requests flow up the tree.
Most requests are resolved at the lowest level, but not all data are available there => recursing requests.
Remember: each nice Web page from "somewhere" can contain several resolutions (references to icons/pictures/documents located elsewhere in the Internet), and to see it each one must be resolved!
And it also means growth of your local cache databases.
DNS is undoubted, but a more and more actual problem is: separation of data from location!
Van Jacobson on Google: http://video.google.com/videoplay?docid=-6972678839686672840
(Michael Walfish, MIT)
Hostname/pathname structure and DNS resolution:
  http://www.myhost.edu/doc/pub1.ps
SFR, Semantic Free Referencing
SFRtag/pathname structure and DHT resolution:
  sfr://fbcd1234/doc/pub1.ps
O-record of metadata (SFRtag: 160-bit string, IP address, port, …)
Contact to traditional web servers: the SFR infrastructure strips the first part and makes a DHT resolution;
it replaces the first part (host id) with the IP and the rest is the same as in the previous case.
More flexibility: the pathname can be part of the SFRtag; multiple destinations.
PASTRY (DHT)
Hash table: a set of RNodes, each RNode keeps a range of keys; each new node is logically placed into this range; lookup is based on the nearest neighbour.
Figure: RNode lookup example. Local table: $key = "dabcf2"; $ip = $address{$key}; keys 1faab1, 65a1fc, dabcf0, dabcf1, dabcf2 with indexes 0, 1, 2. A second RNode holds keys c2d0, d46a1c, d467c4, d462ba, d4213f with addresses 148.33.244.1, 128.128.22.11, 192.161.1.12, 192.12.12.121 (indexes 121, 990, 991, 992). Range of local keys (c2d1 - 32aaff); this example covers 2^24 - 1 = 16 mil. objects.
Lookup (d46a1c) from the RNode with key 65a1fc: forwarding to dxxxxx, then to d4xxxx; if the key is in the local range (..67c5 to ..71f1), no forwarding! Keys d471f1, d13da3 and 32ab00 label further RNodes.
In Pastry the max key = ffff ffff ffff ffff
Works with a concept which separates data from location!
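The SFR resolution and the Pastry lookup drawn on the two slides above, carried through in code. This is an added example written for this transcript, not code from the talk, from SFR or from Pastry: node IDs are the keys shown on the slide, while the addresses, the 6-hex-digit (24-bit) key space, the SHA-1 tag and the three routing rules (leaf set, prefix table, numerically-closer fallback) are simplifications and assumptions of mine. Pastry's real IDs are 128 bits long; the toy keeps the slide's 16-million-key space so hops can be traced by hand.

```python
"""Toy SFR-style resolution on a Pastry-like prefix-routing DHT.

Constructed example: node IDs are the keys drawn on the slide; the addresses,
the 6-hex-digit key space and the routing rules are simplifications."""
import hashlib

DIGITS = 6   # hex digits per ID/key in this toy: 16**6 - 1 = 16 mil. objects, as on the slide
LEAF = 2     # leaf set: the LEAF numerically closest nodes on each side


def sfr_tag(obj: bytes) -> str:
    """160-bit semantic-free tag (assumption: SHA-1 of the object or publisher key)."""
    return hashlib.sha1(obj).hexdigest()


def shared_prefix(a: str, b: str) -> int:
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n


def dist(a: str, b: str) -> int:
    return abs(int(a, 16) - int(b, 16))


class RNode:
    def __init__(self, nid: str, ip: str):
        self.nid, self.ip, self.store = nid, ip, {}
        self.leaf = []                                # numerically nearest node IDs
        self.table = [{} for _ in range(DIGITS)]      # table[r][d]: node sharing r digits, digit d next

    def learn(self, sorted_ids):
        i = sorted_ids.index(self.nid)
        self.leaf = sorted_ids[max(0, i - LEAF):i] + sorted_ids[i + 1:i + 1 + LEAF]
        for other in sorted_ids:
            if other != self.nid:
                r = shared_prefix(self.nid, other)
                self.table[r].setdefault(other[r], other)

    def next_hop(self, key: str) -> str:
        rng = self.leaf + [self.nid]
        if min(rng) <= key <= max(rng):               # key inside the leaf set: deliver to the nearest
            return min(rng, key=lambda n: (dist(n, key), n))
        r = shared_prefix(self.nid, key)
        if r < DIGITS and key[r] in self.table[r]:   # route to a node sharing one more digit with the key
            return self.table[r][key[r]]
        known = set(self.leaf) | {n for row in self.table for n in row.values()}
        closer = [n for n in known if shared_prefix(n, key) >= r and dist(n, key) < dist(self.nid, key)]
        return min(closer, key=lambda n: (dist(n, key), n)) if closer else self.nid


class Overlay:
    def __init__(self, nodes):
        self.nodes = {nid: RNode(nid, ip) for nid, ip in nodes}
        ids = sorted(self.nodes)
        for node in self.nodes.values():
            node.learn(ids)

    def lookup(self, key: str):
        """Route from the lowest-ID node; returns (owner ID, path of hops)."""
        key = key[:DIGITS].lower()
        cur, path = min(self.nodes), [min(self.nodes)]
        while (nxt := self.nodes[cur].next_hop(key)) != cur:
            cur = nxt
            path.append(cur)
            if len(path) > DIGITS + len(self.nodes):
                raise RuntimeError("routing loop")
        return cur, path

    def publish(self, tag: str, o_record: dict):
        owner, _ = self.lookup(tag)
        self.nodes[owner].store[tag[:DIGITS]] = o_record   # the O-record lives at the key's owner

    def resolve(self, sfr_url: str):
        """sfr://<tag>/<path> -> http://<ip>:<port>/<path>; the tag stays the same when the host moves."""
        tag, _, path = sfr_url.removeprefix("sfr://").partition("/")
        owner, hops = self.lookup(tag)
        rec = self.nodes[owner].store.get(tag[:DIGITS])
        return (f"http://{rec['ip']}:{rec['port']}/{path}" if rec else None), hops


def build_demo_overlay() -> Overlay:
    ids = ["1faab1", "65a1fc", "dabcf0", "dabcf1", "dabcf2", "d471f1", "d46a1c",
           "d467c4", "d462ba", "d4213f", "32ab00", "d13da3"]        # keys from the slide
    return Overlay([(nid, f"192.0.2.{i + 1}") for i, nid in enumerate(ids)])  # addresses assumed


if __name__ == "__main__":
    ov = build_demo_overlay()
    print(ov.lookup("d46a1c"))
    tag = sfr_tag(b"doc/pub1.ps")
    ov.publish(tag, {"ip": "148.33.244.1", "port": 80})
    print(ov.resolve(f"sfr://{tag}/doc/pub1.ps"))
```

Re-publishing the O-record with a new address is the whole "data separated from location" point: the sfr:// reference handed out earlier keeps resolving, only the DHT owner's stored record changes.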
OceanStore, a groupware service:
How many files in the OceanStore?
- Assume 10^10 people in the world
- 10,000 files/person (very conservative?)
- 10^14 files should be stored and maintained
The objects are defined by a GUID, a fixed-length 160-bit string.
The objects are replicated and stored on multiple servers.
The lookup process is dynamic, based on queries between client and server.
Tapestry routes the message to a physical host containing a resource with that GUID. Further, Tapestry is locality aware: if there are several resources with the same GUID, it locates (with high probability) one that is among the closest to the message source.
Basic functions: Publish/Unpublish Object, Route to Object, Route to Node
http://oceanstore.cs.berkeley.edu/publications/papers/pdf/SPAA02.pdf
Explosion of P2P
The Internet allows the creation of meshed structures; every host can communicate with anybody.
USERS JOIN AND LEAVE SYSTEMS RANDOMLY, VOLUNTARILY
Figure: P2P architectures. Napster: a central DB index (coordination of sharing); the searcher sends Q.Req. to the index and the distributor holds the file. Gnutella: broadcast query, Q.Req. A is sent to all neighbors, query match at the distributor. Ultrapeers (UP-1 … UP-4): an index for peers. Skype: supernodes (SN-A, SN-B, SN-C), login server, Node A, Node B.
New p2p architectures, new tools (BitTorrent), new applications (Skype, SIP), GNet, …
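The difference between the Gnutella broadcast query and the ultrapeer/supernode index on the figure can be measured rather than drawn. The simulation below is an added example written for this transcript, not code from the talk or from any of the projects named: it floods one constructed overlay (10 ultrapeers in a ring with random chords, 5 leaves each, fixed seed) both ways and counts messages on the wire. The topology sizes, TTL and the "which node holds the item" predicate are assumptions.

```python
"""Query cost of Gnutella-style flooding versus an ultrapeer/supernode index.

Constructed example: the overlay (10 ultrapeers in a ring with random chords,
5 leaves each) and the content predicate are assumptions for illustration."""
import random


def build_overlay(n_ultra: int = 10, leaves_per_ultra: int = 5, seed: int = 7):
    """Returns (adjacency, set of ultrapeer IDs, leaf -> ultrapeer map)."""
    rng = random.Random(seed)
    ultras = [f"UP-{i}" for i in range(n_ultra)]
    adj = {u: set() for u in ultras}
    for i, u in enumerate(ultras):                    # a ring keeps the UP mesh connected
        v = ultras[(i + 1) % n_ultra]
        adj[u].add(v); adj[v].add(u)
    for _ in range(n_ultra):                          # plus random chords
        u, v = rng.sample(ultras, 2)
        adj[u].add(v); adj[v].add(u)
    parent = {}
    for u in ultras:
        for j in range(leaves_per_ultra):
            leaf = f"{u}-leaf{j}"
            adj[leaf] = {u}; adj[u].add(leaf); parent[leaf] = u
    return adj, set(ultras), parent


def flood(adj, origin, ttl):
    """Broadcast a query: each node forwards a query it has not seen to every neighbour but the
    sender, one hop per round, until TTL runs out. Returns (nodes reached, messages sent)."""
    reached, frontier, messages = {origin}, [(origin, None)], 0
    for _ in range(ttl):
        nxt = []
        for node, sender in frontier:
            for nb in adj[node]:
                if nb == sender:
                    continue
                messages += 1                          # duplicates still cost bandwidth
                if nb not in reached:
                    reached.add(nb)
                    nxt.append((nb, node))
        frontier = nxt
    return reached, messages


def flat_query(adj, origin, ttl, has_item):
    """Gnutella 0.4 style: every peer, leaf or not, takes part in the flood."""
    reached, messages = flood(adj, origin, ttl)
    return {n for n in reached if n != origin and has_item(n)}, messages


def ultrapeer_query(adj, ultras, parent, origin, ttl, has_item):
    """Gnutella 0.6 / Skype style: a leaf asks its ultrapeer, which answers from the index of
    its own leaves and floods only the ultrapeer mesh; leaves never route queries."""
    up_adj = {u: {v for v in adj[u] if v in ultras} for u in ultras}
    if origin in ultras:
        up, messages = origin, 0
    else:
        up, messages, ttl = parent[origin], 1, ttl - 1   # one hop leaf -> ultrapeer
    reached_ups, m = flood(up_adj, up, ttl)
    hits = set()
    for u in reached_ups:                                # each UP checks itself and its leaf index
        hits |= {n for n in ({u} | (adj[u] - ultras)) if n != origin and has_item(n)}
    return hits, messages + m


def holds_item(node: str) -> bool:
    """Constructed content placement: every ultrapeer's leaf3 holds the item."""
    return node.endswith("leaf3")


if __name__ == "__main__":
    adj, ultras, parent = build_overlay()
    print(flat_query(adj, "UP-0-leaf0", 7, holds_item))
    print(ultrapeer_query(adj, ultras, parent, "UP-0-leaf0", 7, holds_item))
```

Both variants find the same ten copies; the flat flood pays extra for every leaf each ultrapeer has to wake up, which is exactly the traffic the ultrapeer index removes, and a small TTL shows the flood's horizon (only the origin's own ultrapeer answers).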
from Darleen Fisher and Guru Parulkar, NSF-CISE presentation
Open Service Gateway
Figure: IPTV, VOD and HDTV delivered over the INTERNET through a multiservice, multiuser Open Service Gateway on the last mile; service providers behind the gateway operator.
Not only a business for the last-mile operator but for many service providers.
The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway). The core gateway runs services accessible to all users. However, contrary to Unix root users, the core gateway does not have access to the service gateways' data, files, etc., since these would belong to different, potentially competing companies.
More details: http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf
The situation is getting worse
From: David Alderson, CALTECH, NSF FIND meeting, Dec. 2005
GENI
Research program
The GENI Initiative will support research, design, and development of new
networking and distributed systems capabilities by:
• Creating new core functionality: Going beyond existing paradigms of
datagram, packet and circuit switching; designing new naming, addressing,
and overall identity architectures, and new paradigms of network management;
• Developing enhanced capabilities: Building security into the architecture;
designing for high availability; balancing privacy and accountability; designing
for regional difference and local values;
• Deploying and validating new architectures: Designing new architectures that
incorporate emerging technologies (e.g., new wireless and optical
technologies) and new computing paradigms enabled by pervasive devices;
• Building higher-level service abstractions: Using, for example, information
objects, location-based services, and identity frameworks;
• Building new services and applications: Making large-scale distributed
applications secure, robust and manageable; developing principles and
patterns for distributed applications;
• Developing new network architecture theories: Investigating network
complexity, scalability, and economic incentives.
Focus of FIND
On a reinvented Internet architecture, not on individual network technologies
Internet evolution influenced by the clean-slate approach
Alternate architecture(s) coexist with the current Internet
Virtualization becomes the norm, with a plurality of architectures
New services and applications enabled
Status of FIND in 2007
The whole FIND program is currently in its initial phase. NSF has created a FIND Planning Committee, which is working with NSF to organize a series of meetings among FIND grant recipients to identify and refine overarching concepts for a network of the future. It is a continuation of the GENI talks that started in 2005.
FIND will operate in 2007 with 40 million US$, and it is expected that this budget will fund about 60-80 teams. The kickoff meeting was held in November 2006.
http://www.nets-find.net/
NeTS, Division of Computer & Network Systems, funds research and education projects in four basic areas (award counts as shown on the slide):
Programmable Wireless Networks (NeTS-ProWin): 16
Networking of Sensor Systems (NeTS-NOSS): 30
Networking Broadly Defined (NeTS-NBD): 27
Future Internet Design (NeTS-FIND): 15 (5.2 M US$)
FIND - Scope of Research
– Core functionalities (reconsideration of basics including packets and other modes of multiplexing and data delivery, addressing, naming and identity; routing and delivery; support for mobility; overlay networks and the services required to support overlays; architectural implications of performance objectives; and other elements of network services)
– Security and robustness (preventing attacks and flooding, blocking unwanted traffic, dealing with "zombies" and "botnets", design of new safe protocols and frameworks for applications, end-node security)
– Social aspects - privacy and accountability (balancing privacy/identity, the problem of identity tracking, increasing mutual trust between users and authorities, responsibility for malicious behavior, access to emergency services)
– Manageability and usability (facilitating network management, automated network configuration, fault reporting and diagnostics, architectures for cross-region coordination)
– Implications of new wireless and sensor networks (mobility of subnets, dynamic resource location, data-driven routing, …)
– Optical network architectures and their implications (integrated Internet/optical management, dynamic allocation of capacities, aggregation in backbones)
– High-level conceptualization (closer to the user, what they want: location-based services, search based on localities, information context, etc.)
– Theoretical foundations (investigating network complexity, scalability, robustness)
– Support for application design (how applications and services should be designed to exploit new architectures; developing distributed applications including economic incentives)
Figure: Relation of FIND (2007 and later) to the stages of research; architectures emerge from it.
Current situation: "HORIZON PROJECT", with 20 million US$ for preconstruction planning
Next step: "Readiness Stage" (allows extension of preconstruction planning) ?
Deliverables:
- Testbed federation: PlanetLab/Emulab
- Building the control plane: PlanetLab prototype, 2007
- VINI, Virtual Network Infrastructure
- Proof-of-concept wired-wireless integration
- Distributed authorization and access control
- Internet in a Slice (Click + XORP), 2009
Filling the gap: work on existing experimental infrastructures!
http://www.planet-lab.org
VS, Virtual server: an independent OS (LINUX, BSD) running on a VM, with its own administration including root, with its own file system and computation capability.
Figure: nodes each running a VMM that hosts several VSs.
Slice: a set of VSs on different nodes.
Node/Slices in PlanetLab
Figure: nodes N1…N7 connected by virtual paths VP1, VP2, …, VPn.
SLICE A1 (N3,N1,N2,N3,N4,N5,N6,N7)
SLICE A2 (N3,N6,N5,N4)
SLICE A3 (N1,N2,N6,N7)
On each node more users (slices) can run; each of them runs in its own virtual system; one user can run more applications (Node > SLICE > App1, App2, App3).
Overlay/Slices in PlanetLab
The Overlays
Figure: overlay virtual paths (VP1, VP2, VP3, …, VPn) between nodes N1…N7, mapped onto real paths in IP through routers R1, R2, …, Rn.
Real paths in IP:
- shared (PlanetLab)
- private VPN, tunnels, IP-in-IP end2end (X-bone, …)
VIOLIN
Virtual Internetworking on Overlay INfrastructure
(Department of Computer Science, Purdue Univ.)
Violins are virtual isolated networks built on top of overlay networks:
- They include virtual routers, switches and end hosts.
- Each Violin works in its own virtual world with its own IP address space.
Entities of VIOLIN are created, deleted or migrated on demand.
It creates a new environment for applications, which can be deployed in this new virtual network.
Figure: a Violin (vnode1, vnode2, vnode3 over virtual paths VP1, VP2) on top of PlanetLab nodes node1, node2, node3, which in turn use real paths in IP through routers R1…R5.
Figure: VIOLIN implementation. On each host (Host OS: Fedora) a Vswitch connects Vnode1, Vnode2, …, VnodeN, each a UML (User-Mode Linux) VM; intra-host tunneling between VMs on one node, inter-host tunneling between node1 and node2.
SODA: a Service-On-Demand Architecture
(Department of Computer Science, Purdue Univ.)
Figure: users request different services (S1, S2, S3, …, Sx); a service switch per service forwards to node 1, node 2, …, node n, where each service runs in a guest OS (UML) started by the SODA daemon on the host OS.
HUP, Hosting Utility Platform
SODA Daemon: bootstraps the VM + downloads the application; guest OS "UML" on the host OS.
Each user can get an individual service (web, computation, log, media service, …).
SODA Master: configuration for SERVICE types.
SODA Agent: requests the ASP for a SERVICE type.
WOW
Wide area network Of virtual Workstations
(ACIS Lab, University of Florida)
Fig. 1 shows the WOW testbed distributed over 6 firewalled domains (118 p2p router nodes: PlanetLab and other VMware-based VM nodes).
IPOP, IP over p2p (a concept based on the Brunet p2p protocol, used to pass firewalls): on-demand establishment of direct overlay links between WOW nodes (nodes can join or leave the system in 10 s; direct communication between nodes in 200 s).
WOW runs unmodified OSes and applications inside VMs; they can use the middleware framework and reach a variety of hosts using CONDOR, and VM binary versions of applications can be replicated.
Virtuoso/VNET
(Department of Computer Science, Northwestern University)
Dynamically created topology (ring) in the order of seconds, based on VTTIF (Virtual Topology and Traffic Inference Framework)
Significantly improves application performance without user participation.
VNET creates the illusion that the user's VMs are on the user's LAN.
What is emulation? The ability to mimic another machine on your computer: you can run the same programs that you would run on whatever the other machine is.
Univ. of UTAH: (160+128+40+18+8) hosts
NEXT: 17 EMULABS in operation or under construction
Figure: wired hosts behind a switch with virtualization capability.
http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf
DETERLAB
A shared infrastructure designed for medium-scale repeatable experiments in computer security.
2 clusters (100 nodes each)
http://www.deterlab.net
Larry Peterson, Princeton University: A Strategy for Continually Reinventing the Internet (May 2005)
It opens the way to new virtual worlds and to possibilities to replicate fundamental parts of the Internet:
- integrate mobility
- develop and test applications in the new environment
- the first commercial entities will enter the new environment with their users
VINI
http://www.vini-veritas.net/about
Andy Bavier, Nick Feamster, Mark Huang, Larry Peterson, Jennifer Rexford. In VINI Veritas: Realistic and Controlled Network Experimentation. SIGCOMM 2006.
Figure: VINI nodes over Internet2 and NLR, interconnected by VLANs.
Building the control plane on the PlanetLab prototype: move out of PlanetLab best effort; new policies, kernel; distributed authorization and access control.
An experiment: IIAS, Internet in a Slice: Click (software router) + XORP (routing protocol suite)
The main objective of the Euro NGI network is to create the European center of excellence
in Next Generation Internet design and engineering,
acting as a "Collective Intelligence Think Tank", representing a major support
for the European Information Society industry and leading towards a European leadership in this domain.
OneLab
MyPLC (private PlanetLab), counts per country code as shown on the slide:
at 6, be 4, ch 10, cy 2, cz 2, de 39, dk 3, es 11, fr 10, gr 6, hu 2, ie 4, il 12, is 2, it 14, nl 4, no 6, pl 16, pt 8, se 6, uk 21
EU total: 188
OneLab Goals
Extend PlanetLab into new environments, beyond the traditional wired internet.
Deepen PlanetLab’s monitoring capabilities.
Federate - Provide a European administration for PlanetLab nodes in Europe.
FP6 projects
• MUPBED creates an experimental environment to assess the proposed network solutions, which will be offered as an open test platform to other European research projects and users. The test bed will represent a multi-layer network based on IP/MPLS and ASON/GMPLS technologies, equipped with a unified control plane and designed to support the highly demanding applications of the European research community.
• MUSE creates an experimental environment for a low-cost multi-service access network (Internet to homes).
• NETQoS proposes an autonomous policy-based management for wired/wireless heterogeneous communications networks, aimed at providing enhanced end-to-end QoS and efficient resource utilization.
• OneLab will extend the highly successful and widely used PlanetLab infrastructure by enabling deployment of PlanetLab nodes in new wireless environments.
• PANLAB will serve as a Technology Roadmap and as a Strategic Development Guideline for European and global telecommunications.
• Phosphorus: high-capacity optical networking can satisfy bandwidth and latency requirements, but software tools and frameworks for end-to-end, on-demand provisioning of network services need to be developed in coordination with other resources (CPU and storage) and need to span multiple administrative and network technology domains.
• WEIRD is an integrated project aiming at implementing research test-beds using WiMAX technology in order to allow isolated or impervious areas to get a connection to the GEANT2 research network.
• WWI Ambient Networks will create the network solutions for mobile and wireless systems beyond 3G. It will enable scalable and affordable wireless networking while providing rich and easy-to-use communication services for all. Ambient Networks offers a fundamentally new vision based on the dynamic composition of networks, to avoid adding to the growing patchwork of extensions to existing architectures.
Figure: a core network of router nodes (RN1…RN5; RN = router node) between edge nodes in Domain X and Domain Z; applications grouped into classes "G" (voice), "P" (video), "B" (data), "Y" (interactive gaming); different L2 allocation between RNs and different routing for each L3 sub-layer (sublayer 1-4, links l1-l4); different application packets per sub-layer.
Question: who can create the application layer?
Thank you for your attention