Clean Slate Design for the Internet


The Stanford
Clean Slate Program
http://cleanslate.stanford.edu
Nick McKeown
Professor of Computer Science & Electrical Engineering
“These guys are completely on crack …You do not want intelligence inside the network, ever… The [network] should be application unaware, stupid, unreliable, and as simple as possible. Which is the Internet we have today, and it works great, thank you very much.”

“It doesn't need fixing. It just needs to have a few upgrades. IPV6 would be a nice place to start”

[Chart: Hits by date, 3/11/2007 to 3/18/2007]
It’s just a bunch of tubes, right?
Clean Slate Research is…
A way of thinking
… that is common elsewhere
… but difficult when there is legacy
Rethinking the car
Installed base: 1900: 8,000; 1968: 170M; 2007: 700M
1 gallon of gas → 22 lbs of CO2
[Diagram: Car; Engine, Control, Fuel, Car Body, Materials, Manufacture, Safety, Policy, Emissions, Fueling Stations]
Anything to rethink?
“How come it takes an hour to set up a session?”
“Why can I join someone else’s call?”
“Will the quality always be this poor?”
“Can I put a camera on my car and drive around?”
Unthought of applications
Economically sustainable
Trustworthy: Secure, robust, manageable
Mobility by default. Users and data
Performance to blow our socks off
Unthought of links
Early stakes in the ground
Organic growth led to structure: Let’s exploit it
Optics is here to stay: Let’s exploit it too
Flows: They are our friends
In parallel
2005: A sea-change in the networking research community
– Prompted by NSF
– ITRs (including 100x100 Clean Slate Program)
– NSF FIND: Funding for architectural ideas
– NSF GENI: Creating a platform for experimenting with new architectures, services and technologies
2006-2007: A large community-wide effort
– GENI planning process
– Programs starting in Europe and Asia
2007 - : GENI Project Office
Bottom-up first, Top-down later
• Now… “Innovation in the small”
• Coverage of areas
• Four funded so far, adding more
[Diagram label: Architectural Blueprint?]
Flagship projects
• Larger collaborative projects
• Start to tie research together
[Diagram label: Architectural Blueprint?]
Top-down blueprint?
Too early to decide
[Diagram: Architectural Blueprint?; Programmable Nationwide Backbone; Backbone (Lightflow); Flow Theory; Local Wireless Platform; Security (Ethane); Wireless (Spectrum); Backbone (VLB); Congestion Control (RCP)]
The Stanford Clean Slate Program

• Create a breeding ground for new collaborative projects across boundaries
• Projects that will have significant impact in 10-15 years
• Exploit Stanford’s breadth and depth
• Work closely with a focused group of committed industrial partners
Stanford Clean Slate Program
Faculty Directors: Nick McKeown, Bernd Girod
Executive Director: Guru Parulkar
Affiliate Members: Cisco, NEC, Xilinx, Deutsche Telekom, NTT DoCoMo, + 3 in the works
Stanford’s Breadth and Depth

• World-class expertise in: Networking, optical communications, wireless, access networks, theory, economics, security, applications, multimedia, operating systems, hardware and VLSI, system architecture, …
• Participants from across EE, CS, MS&E, GSB: Dan Boneh, David Cheriton, Bill Dally, Abbas El Gamal, Bernd Girod, Ashish Goel, Andrea Goldsmith, Mark Horowitz, Ramesh Johari, Joseph Kahn, Sunil Kumar, David Mazières, Nick McKeown, David Miller, Phil Levis, Balaji Prabhakar, Mendel Rosenblum, Tim Roughgarden.
Projects
Professors Leonid Kazovsky & Nick McKeown
Optical technology promises enormous capacity & low-power
Goal is to propose new networks to exploit optical switching
Projects
Professors Balaji Prabhakar & Amin Saberi
Existing theory lacks details of flow-dynamics and end-to-end semantics
Goal is to develop flow-level theoretical models
Projects
Professors Andrea Goldsmith & Ramesh Johari
Spectrum scarcity is a result of tight, inefficient government control
Goal is to propose new approach to spectrum allocation & protocols
Projects
Professors Boneh, Mazieres, Rosenblum, McKeown
Goal is to propose clean slate architectures for secure networks
What we’d like
Principle 1: Manage network using policy over real names
– “Nancy can access Payroll”
– “Laptops can’t accept incoming connections”
– “VoIP phones mustn’t move”
Principle 2: Policy should dictate the path packets follow
– “CEO traffic should not pass through engineering”
– “Guest flows must pass through http proxy”
– “Laptop flows must pass through IDS”
Principle 3: The origin of packets should be known
Principle 4: Network should log all connectivity
– For diagnostics and auditing
[Diagram labels: Nancy, Payroll]
Principle 1: Manage network using policy over real names
– “Nancy can access Payroll”
– “Laptops can’t accept incoming connections”
– “VoIP phones mustn’t move”
Today: “Everyone who is not Nancy cannot access payroll”
Q: How to identify them?
Q: Where do their packets flow?
[Diagram: Payroll (Host: a, IP: i, MAC: m); Nancy (Host: b, IP: j, MAC: n); Jen; dns, dhcp, learning, spanning tree, ospf; ACL: Jen’s IP, payroll; ACL: Jim’s IP, payroll]
Problems
• Bindings between users, hosts and addresses keep changing, are not authenticated and are chosen elsewhere.
• Route is picked elsewhere and is unknown to the manager. And changes.
• New entities require many more filters. Change of entity locations requires updating of filters.
• Easy to circumvent, hard to diagnose.
[Diagram: Nancy (Host: b, IP: j, MAC: n); dns, dhcp. Dynamic bindings: allocated elsewhere, not authenticated, easily spoofed]
Ethane: Design choices
• Centralized management
• Policy language governs network
• All communication requires permission
• Secure and track all bindings
Ethane: Taking Control
– “Nancy can access Payroll”
– “Laptops can’t accept incoming connections”
– “VoIP phones mustn’t move”
– “CEO traffic should not pass through engineering”
– “Guest flows must pass through http proxy”
– “Laptop flows must pass through IDS”
[Diagram: controller; Payroll (Host: a, IP: i, MAC: m); Nancy (Host: b, IP: j, MAC: n); dns, dhcp, learning, spanning tree, ospf]
Waypoints
– “Nancy can access Payroll”
– “Laptops can’t accept incoming connections”
– “VoIP phones mustn’t move”
– “CEO traffic should not pass through engineering”
– “Guest flows must pass through http proxy”
– “Flows to Payroll must pass through IDS”
[Diagram: controller; Payroll; Nancy]
Ethane: Manageability
• Fine-grain control of each flow
• Can isolate users, groups, hosts
• Can specify waypoints
• Can require different forms of authentication for different access points (e.g. stronger for wireless than wired)
Ethane: Many questions
• Central controller
– Performance & Scalability
– Robustness
• How to make it easy to use for manager…
• …and transparent to user.
Our deployment
• 300+ hosts at Stanford: Servers, laptops, desktops, phones.
• 19 switches
– Hardware, software, wireless
• Policy: 132 rules to replicate policy
Lessons so far…
• Controller handles >10,000 flows/second
• Maybe enough for whole of campus
• Multiple ways to handle redundancy
– Cold-standby, hot-standby, stateless, stateful
• Transparent to users (even remotely at home!)
• Diagnostics
– Control who can perform diagnostics and see traffic
– Journal all bindings: Can tell who sent a packet when.
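An added sketch, not code from the Ethane project or from these slides, of the admission logic the Ethane slides describe: default deny, policy over names, a waypoint on the permitted path, and a binding journal that answers who sent a packet when. The Controller class, the rule tuple format and the sample events are assumptions made for illustration.

```python
# Added illustration of Ethane-style flow admission; all names are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:            # one authenticated user/host/address binding
    t: int                # time the controller recorded it
    user: str
    host: str
    ip: str
    mac: str

class Controller:
    def __init__(self, rules):
        self.rules = rules        # ordered (src, dst, action, waypoints)
        self.journal = []         # append-only binding history
        self.flow_log = []        # every decision, for auditing

    def authenticate(self, t, user, host, ip, mac):
        self.journal.append(Binding(t, user, host, ip, mac))

    def who_sent(self, ip, mac, t):
        """Latest binding for ip at time t; None if unknown or MAC mismatch."""
        held = [b for b in self.journal if b.ip == ip and b.t <= t]
        return held[-1] if held and held[-1].mac == mac else None

    def decide(self, t, src_ip, src_mac, dst_name):
        src = self.who_sent(src_ip, src_mac, t)
        verdict = ("deny", [])                      # default deny
        if src is not None:
            for who, dst, action, waypoints in self.rules:
                if who in (src.user, "*") and dst in (dst_name, "*"):
                    verdict = (action, list(waypoints))
                    break
        self.flow_log.append((t, src.user if src else None, dst_name, verdict[0]))
        return verdict

# Constructed sample policy and events, modelled on the slides' examples.
RULES = [("nancy", "payroll", "allow", ["ids"]),   # waypoint: must cross the IDS
         ("*", "payroll", "deny", [])]

def demo():
    c = Controller(RULES)
    c.authenticate(10, "nancy", "b", "j", "n")      # Nancy logs in on host b
    c.authenticate(50, "jen", "b2", "j", "n2")      # IP j later reassigned to Jen
    return [c.decide(20, "j", "n", "payroll"),      # Nancy, bound at t=20
            c.decide(60, "j", "n", "payroll"),      # stale MAC for IP j: denied
            c.decide(60, "j", "n2", "payroll"),     # Jen: not permitted
            c.decide(60, "x", "y", "payroll"),      # no binding at all
            c.who_sent("j", "n", 20).user]
```

Because the journal is never overwritten, the same IP address resolves to different users at different times, which is what lets the controller attribute a packet after the address has been reassigned.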
Flagship Projects
#1: Build our own small private programmable backbone
Open Source “Router Kit”
[Diagram labels: Routing, Control & Mgmt, Hardware, Datapath]
Software: Linux/XORP (ICSI)
Hardware: NetFPGA (Stanford)
NetFPGA is a PCI card
NetFPGA is a Programmable 4 x 1GE “switch” or any packet processor
• Program in Verilog
• Industry-standard design flow
• Contains embedded CPUs
• ~$500 for kit
• Available June 2007
• For classroom & research
Used in CS344/EE384D “Build an Internet Router” and EE109
How would you like to take part?
Agenda

09:00 - 09:45  Nick McKeown: Introduction
09:45 - 10:30  Jonathan Turner, WUSTL: An Architecture for a Diversified Internet
10:30 - 11:00  Break
11:00 - 11:30  Bernd Girod: Clean Slate Design for Internet Video Delivery
11:30 - 12:00  Balaji Prabhakar: 21st Century Queuing Theory, and Internet Address Allocation
12:00 - 13:30  Lunch with Poster Session
13:30 - 14:00  William B. Norton, Equinix: Video Internet: The Next Wave of Massive Disruption to the U.S. Peering Ecosystem
14:00 - 14:30  Dan Boneh: A Clean Slate Approach to Web Technology
14:30 - 15:00  John Mitchell: Security Analysis of Network Protocols
15:00 - 16:00  PANEL (Moderated by Balaji Prabhakar): It's Not Just About the Plumbing