1 / 58

The Post-PC Era: It’s About The Services

The Post-PC Era: It’s About The Services. Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA 94720-1776. Presentation Outline. Heterogeneity in Devices and Networks

heath
Download Presentation

The Post-PC Era: It’s About The Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Post-PC Era:It’s About The Services Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA 94720-1776

  2. Presentation Outline • Heterogeneity in Devices and Networks • A New Service Architecture: SAHARA • Reachability as a Service • New Directions • Summary and Conclusions

  3. Presentation Outline • Heterogeneity in Devices and Networks • A New Service Architecture: SAHARA • Reachability as a Service • New Directions • Summary and Conclusions

  4. Shape of Things Today: Diverse Appliances and Devices Game Consoles Personal Digital Assistants Digital VCRs Communicators Smart Telephones E-Toys The Old Days All will demand broadband Internet connectivity … and 10BaseT won’t be sufficient

  5. Nokia 7600 Ever More SophisticatedMobile Phones • Graphical UI/Joystick control • Voice dialing, voice recognition, voice recorder • Integrated digital camera w/ 640 x 480 res image capture • IR + Bluetooth + Phone2Phone + Phone2PC • Java-support for 3rd party apps • WAP + High-speed data over GSM + HSCSD + GPRS • But often you need to compute!Screen. Keyboard. Storage Nokia 7650

  6. Low-tier High-tier Local Area Wide Area Low Mobility High Mobility Promise: Ubiquitous Connectivity • Seamless data mobility among local and wide-area wireless networks via Mobile IP handoff • Two orthogonal technologies: • High speed data over cellular for high mobility, wide-area coverage • Even higher speed data over WLAN hot spots for low mobility, local area coverage

  7. Network Services: Communications

  8. Network Services: Access

  9. Best Implementation Method:the Internet Programming Model • Service composition across the network • Network-aware Distributed System architecture • Bottlenecks near edge, not core • Service deployment points close to where used • Service implementation topology-aware • Enabled by: • Computing embedded in communications fabric: distributed, wide-area, topology-aware • Emerging class of programmable network elements • Per session characterization, processing, prioritization, monitoring, management, billing

  10. Cable Modem Premises- based AccessNetworks PNE LAN Transit Net LAN PNE LAN Private Peering Premises- based Core Networks Transit Net WLAN PNE WLAN Internet Datacenter NAP Analog WLAN Hot Spots Transit Net Public Peering DSLAM Operator- based RAS Regional Wireline Regional Cell H.323 Data PNE Cell Data H.323 Cell PSTN PNE Voice Voice Internet Connectivity and Processing

  11. Composed Applications:Universal In-box • Message type (phone, email, fax) • Access network (data, telephone, pager) • Terminal device (computer, phone, pager, fax) • User preferences & rules • Message translation & storage Separate end device andnetwork from end-to-endcommunications service:indirection via compositionof translators with access

  12. VPN Operator, Client-Software Private Brand Net Operator (MVNO) WISP Aggregator Single Sign-on Unified Billing SLN Aggregator Revenue Sharing Full Service Network Operator Full Service Network Operator Single Location Network Operator (SLN) Single Location Network Operator (SLN) Single Location Network Operator (SLN) Full Service Network Operator Premises-based Access Cooperative Networking Challenge: Single Operator vs. “Virtual” Composed Operator Billing, ECommerce Authentication Inter-site Mobility

  13. Challenge: Multiple “Operators”Coordination Issues • Top-Down vs. Bottom-Up Network Deployment • Operator vs. aggregator/virtual operator models • Neighborhood cooperative mesh networks • Security • Blurring of distinction between public & private networks: rogue APs • Interoperation among service/access providers • End-to-end considerations in untrusted infrastructure • Authorization and billing for multi-party services • Resource Management • Unlicensed but ignore coordination at the cost of performance • Radio resource planning and allocation • Service Creation and Personalization Platform • Intelligent edge services: service and policy management, user mobility and profiling, charging and billing • Deployments enabled by edge-network programmable network elements

  14. Challenge: Agile or Fragile Networking? • Baltimore Tunnel Fire, 18 July 2001 • “… The fire also damaged fiber optic cables, slowing Internet service across the country, …” • “… Keynote Systems … says the July 19 Internet slowdown was not caused by the spreading of Code Red. Rather, a train wreck in a Baltimore tunnel that knocked out a major UUNet cable caused it.” • “PSINet, Verizon, WorldCom and AboveNet were some of the bigger communications companies reporting service problems related to ‘peering,’ methods used by Internet service providers to hand traffic off to others in the Web's infrastructure. Traffic slowdowns were also seen in Seattle, Los Angeles and Atlanta, possibly resulting from re-routing around the affected backbones.” • “The fire severed two OC-192 links between Vienna, VA and New York, NY as well as an OC-48 link from, D.C. to Chicago. … Metromedia routed traffic around the fiber break, relying heavily on switching centers in Chicago, Dallas, and D.C.”

  15. Evolution of Internet • Diversity of devices and access networks • Wireless overlays provide continuum of connectivity • Increasing importance of “services” to mitigate diversity/provide new functionality and customization • Global services via managed composition • Enabled by processing embedded in the network interconnect, locally and globally • Multiple service providers/admin domains • No single operator deploys the global service • But can a reliable service be deployed by multiple, uncoordinated providers? • Overcoming the reliability bottlenecks

  16. Presentation Outline • Heterogeneity in Devices and Networks • A New Service Architecture: SAHARA • Reachability as a Service • New Directions • Summary and Conclusions

  17. The SAHARA Project • Service • Architecturefor • Heterogeneous • Access, • Resources,and • Applications

  18. SAHARA Goals • New mechanisms, techniques for end-to-end services w/ desirable, predictable, enforceable properties spanning potentially distrusting service providers • Architecture for service composition and inter-operation across separate administrative domains, supporting peering and brokering, and diverse business, value-exchange, access-control models

  19. Exploits the New Opportunities • New things you can do inside the network • Connecting end-points to “services” with processing embedded in the network fabric • “agents” not protocols, executing inside the network • Location-aware, data format aware • Controlled violation of layering necessary! • Distributed architecture aware of network topology • No single technical architecture likely to dominate: think overlays, system of systems

  20. Planet-Lab Administrative domain Administrative domain Admin domain Admin domain Admin domain Overlays:Creating New Interdomain Services • Deploy new services above the routing layer • E.g., interdomain multicast management and peering • E.g., alternative connectivity for performance, resilience Isolated Intra-cloud service Traditional unicast peering

  21. Service Composition Layered Reference Model for Service Composition End-User Applications Applications Services Application Plane Middleware Services End-to-End Network With Desirable Properties Enhanced Paths (Inter-domain) Overlay Network “Links” Connectivity Plane Enhanced Links (Intra-domain) IP Network

  22. Presentation Outline • Heterogeneity in Devices and Networks • A New Service Architecture: SAHARA • Reachability as a Service • New Directions • Summary and Conclusions

  23. Routing as a Composed Service • Composable Interdomain Routing: BGP • Complex policy interactions yield non-optimal routes • Slow convergence to routing changes render parts of the IP address space unreachable for tens of minutes at a time • Vulnerabilities to malicious attacks and unintentional mistakes • Routing as a Reachability “Service” • Implementing paths between composed service instances,e.g., “links” within an overlay network • Multi-provider environment, no centralized control • Desirable Enhanced Properties • Performance: controlled loss and bandwidth guarantees (OverQoS) • Reliability: detect reachability failure, faster convergence • Security: verify believability of routing advertisements

  24. Overlay Approach for Achieving Desirable Performance: OverQoS • Embed QoS functionality in Internet via Overlays • Overlay nodes implement QoS functions • No support needed from IP routers • Challenges • Nodes not connected to congested points • Have no control over cross-traffic • Cannot avoid losses (reducing sending rate doesn’t help!) • Why Overlays? • Previous QoS architectures not deployed globally • Overlay-model empowers third-party providers to provide some form of QoS Lakshmi Subramanian, Hari Balakrishnan, Ion Stoica

  25. N-TCP pipe Entry Node Exit Node Overlay Traffic Redundant Traffic • Step 2: Distribute b/w and loss among flows Flow 1 Scheduler Rate Ctrl Flow 2 OverQoS Method • Step 1: Aggregate Loss and Bandwidth Control Lakshmi Subramanian, Hari Balakrishnan, Ion Stoica

  26. Flow 1 Overlay Node Overlay Node Overlay Node Flow 2 Flow 3 OverQoS Method • Step 3: Provide QoS guarantees (b/w,loss) to a flow “bundle” by “stitching” guarantees on overlay links • Step 4: Perform QoS-routing of multiple flows with different requirements on overlay network • Used successfully to support Counterstrike game Lakshmi Subramanian, Hari Balakrishnan, Ion Stoica

  27. Agility in Response to Route Changes:Internet Converges Slowly • Convergence Times [Labovitz et al.] • Theory: O(n!) (n: number of ASes) • Practice: linear with the longest backup path length • Measurement: up to 15 minutes • Why so slow? • BGP protocol effects: path exploration • Route flap damping!? • Delay convergence of relatively stable routes • Unexpected interaction between flap damping and convergence Morley Mao, Ramesh Govindan, George Varghese

  28. Exponentially decayed Suppress threshold Penalty Reuse threshold Time Flap Damping (RFC2439) • Suppress routes that change too frequently • For each peer, per destination, keep penalty value, increase for each route change (aka “flap”) • Exponential decay • Parameters: • Fixed: Penalty increment • Configurable: half-life, suppress-, reuse-threshold, max suppressed time Morley Mao, Ramesh Govindan, George Varghese

  29. Selective Route Flap Damping • Flaps occur due to certain topologies among routers causing triggered announcements and withdrawals • Not toy scenarios! • Approach: ignore flap sequences indicating path exploration—these likely to trigger more changes in near future • Redefine a flap: • “Any route change is considered a flap”  “must alter direction of route preference value change, relative to flaps” • Flaps due to withdrawal: increasing AS_Path lengths, route value keeps decreasing • Morley Mao Ph.D. dissertation (AT&T Labs) Morley Mao, Ramesh Govindan, George Varghese

  30. Stability achieved through flap damping [RFC2439] • BUT unexpected:flap damping delaysconvergence! Topology: clique of routers • Selective flap damping • Duplicate suppression: ignore flaps caused by transient convergence instability • Eliminates undesired interaction without sacrificing stability

  31. Can You Depend on Your Routes? BGP Route Verification • BGP is highly vulnerable! • Allows ASes to propagate invalid routes that deviate from actual Internet topology • Critical implications for performance and correctness • Misconfigured routers cause long outages • Drop packets (“blackholes”) • Roughly 6% of misconfigurations cause reachability problems • Malicious routers cause even greater damage • Misroute or eavesdrop on traffic • Impersonate destinations • Collude with other nodes to make detection difficult Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

  32. “Listen” and “Whisper” • One approach: route verification with PKI authentication • Deployment has been difficult • Political issues with single PKI: who controls it? • Alternative: route consistency testing to detect suspicious ASes • Listen: “Passive” TCP-probing • Modified nodes watch TCP traffic to detect reachability problems • No modifications to BGP, incrementally deployable • Ineffective for detecting malicious hosts: can’t distinguish between genuine and malicious hosts • Whisper: Advertisements sent consistent with those received • Route advertisement invalid if AS-PATH does not match its propagation path (Mao: true for 8% of observed paths!) • Use redundant net connectivity to verify route consistency Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

  33. Browser Browser CNN Browser Reuters CNN Internet Browser Malicious Node CNN Browser Browser Adversary Announcing Many Invalid Routes Isolated Adversary Adversarial Router onthe Regular Path Detection Scenarios No detectionin this case Alarm and Avoid Alarm Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

  34. Verifier Verifier Intermediary Intermediary Intermediary’ Intermediary’ Advertisements Advertisements Originator Originator Loop Testing Route Propagation Whisper (aka “Telephone”) • Alternative Whisper Protocols • Loop Whisper, (Weak/Strong) Split Whisper • Vary in ability to detect malicious behavior given acceptable levels of false positive rate Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

  35. Presentation Outline • Heterogeneity in Devices and Networks • A New Service Architecture: SAHARA • Reachability as a Service • New Directions • Summary and Conclusions

  36. The OASIS Project • Overlays and • Active • Services for • Internetworked • Storage

  37. New Opportunity:“The Computer is the Network” • Emergence of Programmable Network Elements • First Gen Network Appliances, Directors • Storage Virtualizers, Intrusion Detectors, Traffic Shapers, Server Load Balancers, MIE accountants • Next Gen: Third Party Programmable beyond rules • Generalized PNE programming and control model • Generalized “virtual machine” model for this class of devices • Retargetable for different underlying implementations • Apps of Interest • Network Services: L7 switching, firewalls, intrusion and infected machine detection, storage virtualization, network monitoring and management, etc. • Network storage, iSCSI support • Streaming media transcoding/adaptation • Billing, accounting, stream customization for Mobile Network Edge

  38. F5 Networks BIG-IP LoadBalancer Web server load balancer Network Appliance NetCache Localized content delivery platform Packeteer PacketShaper Traffic monitor and shaper Cisco SN 5420 IP-SAN storage gateway Ingrian i225 SSL offload appliance Nortel Alteon Switched Firewall CheckPoint firewall and L7 switch Cisco IDS 4250-XL Intrusion detection system NetScreen 500 Firewall and VPN Extreme Networks SummitPx1 L2-L7 application switch Proliferation of Network Appliances In-the-Network Processing: the Computer IS THE Network

  39. OASIS Vision • Problem • Common programming/control environment for diverse network elements to realize full power of “inside the network” services and applications • Approach • Software toolkit and VM architecture for PNEs, with retargetable optimized backend for diverse appliance-specific architectures • Current Focus • Network health monitoring, protocol interworking and packet translation services, iSCSI processing and performance enhancement, intrusion and worm detection and quarantining • Potential Impact • Open framework for multi-platform appliances, enabling third party service development • Provable application properties and invariants; avoidance of configuration and “latest patch not installed” errors

  40. Buffers Buffers Buffers Input Ports Output Ports CP CP CP CP CP CP AP CP Interconnection Fabric Action Processor Classification Processor Generic PNE Architecture Tag Mem Rules & Programs

  41. OASIS Testbed • Programmable Networking Testbed • Alteon Filter Programmable Level 7 Switches • Next generation significantly more third party programmable • 2 x Enterprise Class Routers • (Many) 1U PCs • In discussion • Nortel + IBM on Blade Center Storage Servers for UDCs • Cisco IOS Next Generation (ION) Programmable Packet Filters

  42. Presentation Outline • Heterogeneity in Devices and Networks • A New Service Architecture: SAHARA • Reachability as a Service • New Directions • Summary and Conclusions

  43. SAHARA • Evolve Internet architecture better supporting multi-network/multi-service provider model • Dynamic environment, many service providers & service instances • Achieve desirable properties across multiple, potentially distrusting (Internet) service providers • Exploit PlanetLab infrastructure to construct wide-area prototype • Routing as a composed service • Essential for successfully connecting applications endpoints in a distributed network environment • QoS through Overlays: loss and bandwidth guarantees • Enhanced route reliability through fast convergence • Security: BGP Verification/Detection + Containment

  44. New Service ArchitectureIntegrated Communications and Processing • Increasing diversity of interconnected devices • Increasing importance of “services” to mitigate diversity/provide new functionality and customization • Refocus from performance to reliability/dependendabilty • Enabled by processing embedded in the network interconnect, locally and globally • “Active networking” is real • Global services via managed composition • Role of multiple service providers and administrative domains • Separation of services from connectivity via overlays • No single operator deploys the global service • Predictable performance and end-to-end reliability

  45. The Post-PCEra:It’s About the ServicesRandy H. KatzThank You!

  46. AnyQuestions?

  47. The Post-PC Era:It’s About The Services Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA 94720-1776

  48. c(t), q Buffer mgmt & Scheduling & Traffic regulator De- coder Coder control plane CLVL Controlled-Loss Virtual Link (CLVL) • Two parameters: • Statistical bound on loss rate, q (<= p; typically << p) • Capacity, c(t), possibly time-varying • Can prove: if offered load < c(t), then loss rate < q • How is c(t) determined? • Given f(t) to be the redundancy factor: c(t) = b(t)( 1- f(t)) Flow 1 b(t), p(t) Flow 2 Flow n OverQos Node

  49. Characterizing the Internet Hierarchy from Multiple Vantage Points • Customer-Provider Relationships • Customer pays provider for Internet access • AS exports customer’s routes to all neighbors • AS exports provider’s routes only to its customers • Peer-to-Peer Relationships • Peers exchange traffic between their customers • Free of charge (assumption of even traffic load) • AS exports a peer’s routes only to its customers Sharad Agarwal. Lakshmi Subramanian, Jennifer Rexford

  50. These Relationships Matter! • Useful for: • Placement of servers for content distribution • Selection of new peers or providers for an AS • Analyzing convergence properties of BGP • Installing route filters to protect against misconfiguration • Understanding basic structure of the Internet • Knowing the AS graph is Not Enough • Interdomain routing is not shortest-path routing • Some paths not allowed (e.g., transit through a peer) • Local preference of paths (e.g., prefer customer path) • Node degree does not define the Internet hierarchy • Need to Know Relationship between AS Pairs

More Related