100 likes | 266 Views
Adaptive End-to-End QoS Guarantees in IP Networks using an Active Network Approach. Roman Pletka IBM Research, Zurich Research Laboratory, Switzerland Burkhard Stiller University of Federal Armed Forces Munich, Germany and
E N D
Adaptive End-to-End QoS Guarantees in IP Networks using an Active Network Approach RomanPletka IBM Research, Zurich Research Laboratory, Switzerland Burkhard Stiller University of Federal Armed Forces Munich, Germany and Computer Engineering and Networks Laboratory (TIK), ETH Zürich, Switzerland IBM Zurich Research Laboratory
Agenda • Introduction • The abstract node model • Active networking framework • Overview of security risks. • The hierarchical safety levels • Example Applications • E2E services with RSVP signaling and active packets • Conclusion IBM Zurich Research Laboratory
Introduction • Why is QoS rarely used today? • ISP’s use massive over-provisioning. • Huge variety in existing QoS architectures (Intserv, Diffserv, ST2+, QoS classes in GPRS). • No end-to-end support for service guarantees in heterogeneous IP networks. (Are user’s willing to pay for this?) • Increasing variety in QoS-provisioning mechanisms (eg., policers, schedulers, AQM schemes) • => Need for QoS translation services. IBM Zurich Research Laboratory
Building E2E services End-to-end Service Service Description SLA Networking Parameters SLA Networking Parameters SLA SLS SLS SLS IBM Zurich Research Laboratory
Node Model for QoS Provisioning in a Proactive Environment 5 Active Security Proactive QoS Plane 4 Hierarchy 3 2 1 E2E Flow Control 0 Absolute and Relative QoS Description Domain Policies Congestion Control in Routers Buffer Management Networking Plane Active Packets Intserv RSVP & Schedulers Diffserv Application Plane IBM Zurich Research Laboratory
Functional Description • Discovery process • Leads to initial behavior bounds that specify upper bounds for available resources. • Within the network, not from hosts. • Translation phase • Translation of QoS parameters using active code provided by either the network administrator or the application itself. • No simple one-to-one mapping => active code.Surjective code translation is obtained by projection onto the new QoS space, whereas injective code translation needs additional information based on default mappings and/or educated guess methods. • Resource Management • Comprises the task of maintaining information on the actual status of resource availability. • Example: maximum bandwidth per traffic class, policies, resources related to the neighborhood, and router services. • Feedback Control • Instantaneous traffic characteristics can deviate from QoS reservation. IBM Zurich Research Laboratory
Security Risks in Active Networks • Byte-code language • Byte-code provides architectural neutrality and intrinsic safety properties [SNAP]. • Common operations can be represented with a single byte-codes which leads to high code compactness. • Specific characteristics of the underlying architecture are hidden. • Resource bound • Divides networking resources into a two-dimensional vector (local and network part) • Limitation of bandwidth, CPU, and memory usage in nodes. • Enables efficient charging of active packets at the network edge. • Presence of code and data in the same packet does not compromise security. • Safety levels • Monitoring control plane activities. • Handling of active networking packets is split into 6 security levels. • Sandbox environment • Safe execution environment: Active Networking Sandbox (ANSB) • Information exchange in nodes only feasible using router services. IBM Zurich Research Laboratory
AN Safety Hierarchy Dynamic router services: registering new router services Authentication of active packets needed using a public key infrastructure. 5 Complex policy insertion and manipulation Admission control at the edge of the network, trusted within a domain. 4 Simple policy modification and manipulation Running in a sandbox environment, limited by predefined rules and installed router services. 3 2 Creation of new packets and resource-intensive router services (e.g., lookups) Sandbox environment based on the knowledge of the instruction performance. 1 0 Simple packet byte-code Safety issues solved by restrictions in the language definition and the use of a sandbox environment. Safety Level No active code present in packets Corresponds to the traditional packet forwarding process. IBM Zurich Research Laboratory
Example Applications Intserv/RSVP Domain Diffserv Network with Active Nodes Sender SGSN Receiver BSS GGSN Pure Active Network Domain Mobile Network using a GPRS Backbone IBM Zurich Research Laboratory
Conclusion • Efficient QoS translation using Active Networks can lead to improved E22 service guarantees. • Security risks are bounded to the level of traditional IP forwarding, control, and management. • The Active Networking framework benefits from the presence of network processors with specialized hardware assists. Lower safety levels have been implemented on an IBM PowerNP 4GS3. • Future work: Dynamic off-loading of forwarding and control functionalities directly onto network processors. IBM Zurich Research Laboratory