Trends and Outlook of Management Approaches to AN (Active Networks): SENCOMM Case Study • Smart Environment for Network Control, Monitoring and Management • 2002. 5. 9 • Mi-Ja Lee, Ki-Joon Chae, Ewha Womans University • Kjchae@ewha.ac.kr, mjlee55@ewha.ac.kr
Contents • Introduction • Motivation • SENCOMM Project • Applications • Goals • Requirements • SENCOMM Overview • Implementation • Conclusion • References
Introduction (1/5): Motivation • The Internet will provide numerous services to a variety of devices across huge, heterogeneous, topologically complex and politically diverse autonomous systems. • The size, topological complexity, and heterogeneity of the current Internet are overwhelming current network management protocols and toolkits. • The tools and protocols necessary for network control, monitoring and management have historically lagged behind the rate of development of other network applications.
Introduction (2/5): SENCOMM Project • Architecture phase: Sep. 1999 – Mar. 2000 • Implementation phase: Mar. 2000 – Sep. 2000 • Application phase: Oct. 2000 – Sep. 2001 • Final demonstration and documentation phase: Oct. 2001 – Feb. 2002 • Acknowledgement • ISI’s ASP and aboneshell developers • SRI’s ABone support team • Leonid Poutievsky, U Kentucky • Livio Ricciulli, Metanetworks • Alden W. Jackson, James P.G. Sterbenz, Matthew N. Condell, Regina Rosales Hain ….. Internetwork Research, BBN Technologies, Verizon, Cambridge, Mass.
Introduction (3/5): Applications • Representative SENCOMM Applications • Active Persistent Traceroute • Multicast Monitoring • Resource Discovery • Multicast/Concast • Remote Ping • Multicast Tree Core Maintenance • Event Processing
Introduction (4/5): General Management Goals • Management of Active Network • Dynamic Deployment and Adaptation • Applications-Controlled Management • Automation of Problem Detection and Resolution
Introduction (5/5): General Requirements • Packet Delivery • Heterogeneous network • Packet Receipt • Message Size • MIB Access • Persistent Storage • Distributed Time Service • Secure Management
SENCOMM Overview • Smart Environment for Network Control, Monitoring and Management (SENCOMM) • Major components : • SENCOMM Management Execution Environment (SMEE) • Smart Probes (SPs) • Loadable Libraries (LLs) • Management API • Smart packets : • Transporting SENCOMM Smart Probes • Installing Loadable Libraries • Exchanging Control and Security Messages
SENCOMM Architecture [Figure labels: SMEE, EEs, ASP, loadable libraries, smart probes, NodeOS, smart packet, fast forwarding]
Smart Packets • Previous DARPA Active Networks project at BBN (N66001-96-C-8517) • Added a flexible and rich programming environment to network management and diagnostic packets • Four part architecture: • Format and Encapsulation of Smart Packets (ANEP and IPv4/v6 Router Alert) ※ ANEP : Active Network Encapsulation Protocol • Specification of a high level language (Sprocket) and its tightly-encoded assembly language (Spanner) • Virtual Machine (VM) • Security Architecture
SENCOMM Management EE (1/2) • Two Primary Functions • provide the EE for smart probes • active node management, including other EEs and the NodeOS (responsibility may lie with, or be shared with, the NodeOS) • Active Network Management • in addition to access to MIB-2 information, SMEE requires • notification of status changes in network interfaces and kernel routing table • access to router configuration • direct access to NodeOS abstractions • flows, channels (in/out/cut), file system • enhanced packet filtering, copying, and handling
SENCOMM Management EE (2/2) • Active Node Management • Additional SMEE capabilities to manage active node [not the focus of SENCOMM] • modify status, attributes, and configuration of each EE • modify NodeOS to affect memory and thread pools • modify channel attributes to affect filters, pools, BW/QoS • evaluate filter requests for overlap • At boot, SMEE is automatically loaded • other EEs can be loaded, certificates retrieved, … • Management of other EEs and AAs via inter-EE API • EE Requirement
Smart Probes • Programs that perform management functions • SP Requirements • Operation after Packet forwarded • Globally Unique Name • Single datagram • Access to Loadable Libraries • Hibernate until occurrence of registered event • Soft-state can determine life of probe • Encapsulated in ANEP datagram • Transported using UDP/IP or TCP/IP [Figure labels: SMEE, loadable libraries, smart probes, NodeOS]
Loadable Libraries • Classes and methods used by one or more smart probes • similar to UNIX shared libraries • LL Requirements • Sharable • Dynamically Loadable • Globally Unique Name • Version Number • Separation of State • Sharable State [Figure labels: SMEE, loadable libraries, smart probes]
Management API for EEs and AAs • SMEE access to EEs • Mechanism • EEs provide LL of function wrappers to internal management functions • Wrappers provide interface for smart probes • Probe calls function in the EE [Figure labels: EEs, SMEE, loadable library, AA, smart probes, NodeOS]
SENCOMM Implementation • Implementation Environment • SMEE Implementation • Management Interfaces and APIs • SENCOMM Packet Formats
SENCOMM release v0.8.1 (8/14/2001) [Figure: source tree; directory names: anep, doc, smaas, smee, tcpdump, architecture, librarytest, lbl, design, multicast, linux-include, docs, nettool, net, probeguide, smeetool, netinet, spapi, snmp, sys, tools, statetest, userguide, protocol]
Implementation Environment (1/3): Language • Requirements • widely used by community • enable deployment on multiple platforms • minimize software maintenance issues • Candidates evaluated • BBN Spanner/Sprocket (Smart Packets project) • INRIA/UPenn CAML (PLAN project) • C/C++ (CANES project) • JAVA (SENCOMM) • JAVA chosen for SENCOMM
Implementation Environment (2/3): NodeOS • Requirements • actively being developed • multi-platform support • Candidates installed and evaluated • GaTech/UKy/UMd Bowman (CANES) • Utah Janos • anetd for ABone compatibility • Janos + anetd chosen for SENCOMM
Implementation Environment (3/3): Execution Environment • Requirements • Java-based • supported on the ABone • supports SENCOMM requirements • Candidates installed and evaluated • GaTech/UKy CANES • Utah/MIT Janos’ ANTS EE • USC/ISI ASP • ASP chosen for SENCOMM
Active Node Architecture in ASP • ASP : Active Signaling Protocol [Figure label: SMEEBase]
SMEE in ASP • Benefits • yet another EE development effort not needed • ASP is a control plane EE • ASP filtering • AA code serving • RDP implementation • focus on implementing monitoring and control • easily deployable • Challenges • continual integration effort as ASP evolves • coordinating features in ASP for management (resources, privileges, low level I/O)
Modifications to ASP • Functionality added to give SMEE additional privileges • allow probes to use different versions of same library without namespace clashes • per probe classloader • ASP implemented thread library for resource protection • reasonable convention for code we developed • problematic for third party code using Java threads (without sources)
Active Network Architecture Anetd performs the demultiplexing, EE loading and packet filtering functions for active nodes in the ABone. The ASP EE operates with anetd and is installed on core ABone routers as a permanent EE.
SENCOMM Env. In the ABONE (1/2) • The current SENCOMM environment • Runs as an active application in the ASP environment. • The ASP environment can run as a permanent execution environment in the ABONE. • Anetd v1.6.3 (six Anetd accounts) / Anetd v2 (seven) [Figure labels: anpub, anee1, anee2, anee3, anee4, anee5, abocc, etc, ad, var, exe, Config file, IP add]
SENCOMM Env. In the ABONE (2/2) • Running the ASP EE • Follow the instructions on joining the ABONE at http://www.isi.edu/abone • Ask the ABOCC to add the keys and any web servers • Get a copy of the AboneShell program from http://www.isi.edu/bone/AboneShell.html • Start the AboneShell and make sure that the host and user arguments have been set properly. • ASP EE configuration files now need to be loaded onto the various ABONE hosts. • Finally, ASP EE can be loaded either within the AboneShell or using the sc command.
ABone Initialization • Load ASP on all nodes • Private copy of ASP on www.ir.bbn.com • Aboneshell used to load and run under anee1 • Integration into ASP release will allow SMEE to run in permanent ASP EEs [Figure: nodes www.ir.bbn.com, core-abone-bos1, d03.csl.sri.com, dart.bbn.com, son.isi.edu]
SMEE Implementation (1/8): Smart Probe (1/5) • Naming and Dynamic Loading • Globally unique names • SENCOMM : Smart Probes, Loadable Libraries • ASP : Active Application (AA) • Smart Probes named by: • Context ID • Serial Number • Source’s IP address • SENCOMM common header • Smart probes may be loaded into the SMEE using the class loader.
SMEE Implementation (2/8): Smart Probe (2/5) • Application Isolation • SENCOMM : Smart Probes are isolated from each other • ASP EE : Data isolated between running applications • Control of Network I/O • Access to incoming packets • NodeOS : InChannel • ASP EE : Network channel (Nchannel) • Complete access and control • SMEE Inchannel for full arbitrary filtering • SMEE Outchannel for specification of output path
SMEE Implementation (3/8): Smart Probe (3/5) • Soft State • State Storage Mechanism (State Containers) • SENCOMM : • Soft State Mechanism • Extends the mechanism to allow probes the option of sharing state with other probes. • Provides an ASP state container that can be accessed by all probes and libraries. • ASP state containers : • Support soft state within a single smart probe • Ensures that the state is kept isolated from other probes.
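The state-container behaviour on this slide, modelled as an added example (not SENCOMM or ASP code): each probe, named by its context ID, serial number and source IP address, gets a private container, sharing is an explicit opt-in, and every entry expires. The class name, method names and the TTL parameter are hypothetical.

```python
import time


class SoftStateStore:
    """Toy model: one private container per probe plus one shared container."""

    _SHARED = object()  # key of the container every probe and library may use

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._containers = {}  # owner -> {key: (value, expiry time)}

    def _owner(self, probe, shared):
        # A probe is named by (context ID, serial number, source IP address).
        return self._SHARED if shared else probe

    def put(self, probe, key, value, ttl, shared=False):
        if ttl <= 0:
            raise ValueError("soft state needs a positive lifetime")
        box = self._containers.setdefault(self._owner(probe, shared), {})
        box[key] = (value, self._clock() + ttl)

    def get(self, probe, key, shared=False):
        box = self._containers.get(self._owner(probe, shared), {})
        entry = box.get(key)
        if entry is None or self._clock() >= entry[1]:
            box.pop(key, None)  # expired state is dropped, never returned
            return None
        return entry[0]

    def sweep(self):
        """Purge expired entries; return probes left with no state at all."""
        now, finished = self._clock(), []
        for owner, box in list(self._containers.items()):
            for key in [k for k, (_, exp) in box.items() if now >= exp]:
                del box[key]
            if not box:
                del self._containers[owner]
                if owner is not self._SHARED:
                    finished.append(owner)
        return finished


if __name__ == "__main__":
    store = SoftStateStore()
    probe_a = (7, 1, "192.0.2.1")  # constructed probe name
    store.put(probe_a, "hops", 3, ttl=5)
    print(store.get(probe_a, "hops"), store.get((7, 2, "192.0.2.2"), "hops"))
```

The probes returned by `sweep()` are the ones whose soft state has fully lapsed, which is the point at which a node can end the probe's life.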
SMEE Implementation (4/8): Smart Probe (4/5) • User API • Required to launch smart probes into the network • ASP : - uses a user API to build AAspecs, - forward AAspecs to an ASP EE • SENCOMM smart probes : - contain active code, - do not need a reference path as ASP packets do • SENCOMM requires a user API that includes the ability to specify the smart probe • Initialization data • The identity of the user • A method to send SENCOMM packet to the SMEE • Monitor the channel for message from this smart probe • CLI (command line interface) or GUI
SMEE Implementation (5/8): Smart Probe (5/5) • MIB Access • SENCOMM • Access to MIB data on managed active node. • The core of SENCOMM : • Will not include a general SNMP interface usable for managing other nodes via native SNMP queries. • Access provided by loadable library • Loaded at SMEE startup by default • Possibly based on the AdventNet SNMPv3 API for Java
SMEE Implementation (6/8): Loadable Library : ASP Based • SMEE loadable code: Library / ASP loadable code: AA • Dynamic Library Loading • Java's class loader • Class loader per smart probe / unlike ASP with one class loader • Different probes can use different versions of same library • Does not have ASP's AA search path problems • Naming • LLs use a URN to form unique names. • LL names provide more information about libraries than AA names in ASP • Dynamic name binding (ASP) does not provide any benefit for naming libraries (SENCOMM). • SENCOMM URLs : to locate libraries / ASP AAspec: search path
SMEE Implementation (7/8): Loadable Library : Beyond ASP • Library Naming • SENCOMM LLs : new scheme id, naming syntax • Compatible with the URN syntax described in RFC2141, RFC2396 • Loadable Libraries named using URN (Uniform Resource Name) which indicates: • Naming Authority • Library Name • Version Number
SMEE Implementation (8/8): SMEE and Anetd • SMEE : • Will be compatible with anetd (and netiod) on the ABone • Will interface with anetd to provide software management services to smart probes • Will be a client of anetd for these services • Anetd : • Deployment and control of EE in the active node • Demultiplex active packets to the EEs running on the active node. • Download the SMEE to a node to be managed • Start the EE
Writing a Probe in the SENCOMM Env. • To successfully run a probe • Launching Application(launcher) • prepares the probe so that it can be sent around the network • SendProbe : smaas/SendProbe.java • SendSnmpNetstat : smaas/snmp/SendSnmpNetstat.java • Probe : actually executed code in a SENCOMM environment. • environment and probes : • using JAVA JDK 1.2.2 environment on FreeBSD and Linux
Writing a Probe in the SENCOMM Env. • BroascastPing • WalkingPing • RemoteLiveTest • SnmpGet • SnmpSet • SnmpGetTable • SnmpGetProtoStats • SnmpGetNext • SendSnmpApp • GetRunningProbes • ResidentPing • SendKillPing
Broadcast • multinode parallel remote liveness test (formerly known as ping) [Figure: nodes www.ir.bbn.com, d03.csl.sri.com, core-abone-bos1, son.isi.edu, dart.bbn.com]
Walking a Circuit and Processing • follow source route and reply on success • template for deployment of updates, or new functionality [Figure: nodes www.ir.bbn.com, d03.csl.sri.com, core-abone-bos1, son.isi.edu, dart.bbn.com]
Remote Node State via SNMP • illustrates use of loadable libraries • communicates to both standard and Livio’s snmpd [Figure: nodes www.ir.bbn.com, d03.csl.sri.com, core-abone-bos1, dart.bbn.com, son.isi.edu]
Management Interfaces and APIs (1/2): Inter-EE Protocol • SENCOMM does not define an API between the SMEE and the managed EEs. • ASP provides an interface for AAs to communicate. • SENCOMM defines a protocol that EEs may opt to use • protocol messages sent using NodeOS channels • managed EEs provide LL with management functions • functions translate calls to/from protocol packets and return any reply data • May identify functions for managed EEs to implement
Management Interfaces and APIs (2/2): Inter-EE Protocol Packet Format • Packet Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version |R|E| Flags | Serial Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ID of function | Number of Arguments |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Argument Length | Argument Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Argument Value (continued) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Additional argument length and values ~
~ : ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Argument Length | Argument Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Argument Value (continued) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• R=0 : call, R=1 : return
SENCOMM Packet Formats (1/8): SENCOMM Message Encapsulation
+------+-------------+-------+-----------+
|  IP  |  UDP / TCP  | ANEP  |  SENCOMM  |
+------+-------------+-------+-----------+
ANEP header format
 0                               16                            31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version = 1 | Flags = 0 | Type ID = 25 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ANEP Header Length | ANEP Packet Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| . |
~ Options ~
| . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| . |
~ Payload ~
| . |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SENCOMM Packet Formats (2/8) • SENCOMM message is encapsulated in ANEP packet (TID=25) • Common SENCOMM Header : packet types, reliable transport fields
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Type ID | Context ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Serial Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|A|B|E| segment Sequence Number | Stream ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Sequence Number ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Origin Address ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Sub-Header ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Type ID = 1: Probe, 2: Library, 3: Message, 4: Certificate Query, 5: Library Query
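A defensive parser for the ANEP header of slide (1/8) and the first two words of the common header above, as an added example that is not SENCOMM project code. The ANEP length units (header in 32-bit words, packet in octets) follow the ANEP specification; the SENCOMM field widths (8-bit Version, 8-bit Type ID, 16-bit Context ID, 32-bit Serial Number) are assumptions, since the slide gives field order only.

```python
import struct

ANEP_VERSION = 1
SENCOMM_TID = 25          # ANEP Type ID that carries SENCOMM (from the slide)
SENCOMM_TYPES = {1: "Probe", 2: "Library", 3: "Message",
                 4: "Certificate Query", 5: "Library Query"}


class MalformedPacket(ValueError):
    """Raised for any datagram that fails a structural check."""


def parse_anep(datagram: bytes):
    """Check the fixed ANEP header; return (type_id, options, payload)."""
    if len(datagram) < 8:
        raise MalformedPacket("shorter than the fixed ANEP header")
    version, _flags, type_id, hdr_words, pkt_len = struct.unpack(
        "!BBHHH", datagram[:8])
    if version != ANEP_VERSION:
        raise MalformedPacket("unsupported ANEP version")
    hdr_len = hdr_words * 4          # ANEP counts the header in 32-bit words
    if pkt_len != len(datagram):     # ANEP counts the packet in octets
        raise MalformedPacket("packet length disagrees with datagram size")
    if not 8 <= hdr_len <= pkt_len:
        raise MalformedPacket("header length out of range")
    return type_id, datagram[8:hdr_len], datagram[hdr_len:]


def classify_sencomm(datagram: bytes):
    """Return the SENCOMM packet kind and naming fields, or raise."""
    type_id, _options, payload = parse_anep(datagram)
    if type_id != SENCOMM_TID:
        raise MalformedPacket("ANEP Type ID is not SENCOMM")
    # ASSUMPTION: Version 8 bits, Type ID 8 bits, Context ID 16 bits,
    # Serial Number 32 bits. The slide gives field order, not widths.
    if len(payload) < 8:
        raise MalformedPacket("truncated SENCOMM common header")
    version, kind, context_id, serial = struct.unpack("!BBHI", payload[:8])
    if version != 1 or kind not in SENCOMM_TYPES:
        raise MalformedPacket("unknown SENCOMM version or Type ID")
    return {"kind": SENCOMM_TYPES[kind], "context_id": context_id,
            "serial": serial}


def build_sample(kind: int, context_id: int, serial: int, body: bytes = b""):
    """Constructed test datagram: ANEP header with no options + SENCOMM."""
    sencomm = struct.pack("!BBHI", 1, kind, context_id, serial) + body
    return struct.pack("!BBHHH", 1, 0, SENCOMM_TID, 2,
                       8 + len(sencomm)) + sencomm


if __name__ == "__main__":
    print(classify_sencomm(build_sample(1, 7, 42, b"\x00" * 4)))
```

Because Probe and Library packets carry executable code, every length and type check here runs before any payload byte is handed to a loader.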
SENCOMM Packet Formats (3/8) • Probe Sub-header (Type ID = 1) • contains executable code (single datagram)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Language Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Payload ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Language Type : • 1 → Java • 2 → Spanner • 3 → Sprocket
SENCOMM Packet Formats (4/8) • Library Sub-header (Type ID = 2) • contains name and code for a Loadable Library
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Language Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name Length | Version |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Name ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Library ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Language Type : • 1 → Java • 2 → Spanner • 3 → Sprocket
SENCOMM Packet Formats (5/8) • Message Sub-header (Type ID = 3)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Msg-Type | Reserved | Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Msg-Type • 1 → Ack : sequence number • 2 → Certificate Reply : a requested certificate • 3 → Data : data from the execution of a smart probe • 4 → Status : status of an executing smart probe
SENCOMM Packet Formats (6/8) • Certificate Query Sub-header (Type ID = 4) • requests certificate for principal signed by CA
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cert_type | Identity_type | Authority_type| RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Identity ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Certificate Authority ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Cert_type • 1 → PKCS7 • 2 → PGP Certificate • 3 → DNS Signed Key • 4 → X.509 Certificate - Signature • 5 → X.509 Certificate – Key Exchange • 6 → Kerberos Tokens • 7 → SPKI Certificate
• Identity_type • 1 → IPV4_ADDR • 2 → IPV6_ADDR • 3 → DNS Name • 4 → X.500 Distinguished Name
SENCOMM Packet Formats (7/8): SENCOMM Packet Processing (1/2) • Reliable Protocol Processing • Sender : B bit/E bit, using Segment Sequence Number • Receiver : Ack/Sequence Number plus 1 Packet received • Modification to the Receiver Ack Generation • Fragment SENCOMM Packets • Reliable Delivery Mechanism : ASP→RDP/VNET • Probe Processing (v=1, tid=1) • Probe Packets carry executable code. • Sending/Receiving : ContextID/Serial Number/Origin Address • Library Processing (v=1, tid=2) • Library Packets carry Loadable Libraries. • Sending : ContextID/Serial Number/Origin Address • Receiving : Name/Version
SENCOMM Packet Formats (8/8): SENCOMM Packet Processing (2/2) • Certificate Query Processing (v=1, tid=4) • Certificate query messages carry requests for security certificates. • Sending : ContextID/Serial Number/Origin Address Identity/Certificate Authority/CertType • Receiving : Identity/Certificate Authority/CertType • Message Processing (v=1, tid=3) • Message Packets carry data, status, and error messages from a smart probe to a specified network management device. • Messages also return certificates in response to certificate query messages. • Sending : ContextID/Serial Number/Origin Address Certificate reply message/Data message/status message • Receiving : Certificate reply message/Data message/status message