
The latest developments in FIND/GENI projects and their influence on European Networking

Explore the latest developments in FIND/GENI projects and their impact on European networking at the Terena Networking Conference 2007. Topics include Internet expansion, new network architectures, European projects, and the future of the Internet. Learn about the challenges and opportunities in reinventing the Internet to support pervasive computing and innovative communications. Gain insights from Larry Peterson on strategies for continually reinventing the Internet and the fundamental problems facing the IP world. Discover the weaknesses in the current Internet infrastructure and the need for addressing routing inefficiencies and naming system issues.


Presentation Transcript


  1. The latest developments in FIND/GENI projects and their influence on European Networking. Jiří Navrátil, jiri@cesnet.cz. Terena Networking Conference 2007, 21-24.5.2007, Lyngby/Denmark

  2. Agenda • Internet expansion and consequences • Fundamental problems of Internet • Next generation of Internet (directions and supporting projects, GENI, FIND) • New network architectures (overlay networking, virtualized GRID) • European projects (OneLab, Phosphorus, UCLP, FEDERICA)

  3. Internet expansion • Web (1990s), p2p (2000), video, IPTV, wireless (today), sensors (tomorrow) • Asia, Europe, North America, …. Africa • A trillion devices expected in the near future • Problems, technical and social: capacity on the last mile, guaranteed bandwidth, path stability,… viruses, attacks, unwanted mail, phishing, etc. • Wide discussion in the Internet community about the future, with problems raised in many forms and on many forums, but NO STRENGTH to change the fundamentals of the existing Internet • NSF came with GENI, which is trying to find a way to change the Internet from the base (REINVENTING)

  4. Future Internet • Creating the Internet you want in 10-15 years • The Internet which society TRUSTS • Support pervasive computing (from PDA to supercomputing) • Connecting devices and users with all types of communication channels, from wireless to optical light paths • Able to accept further developments and innovations

  5. Larry Peterson, Princeton University: A Strategy for Continually Reinventing Internet (May 2005) • Two paths for changes: Incremental, or Clean-Slate (replace Internet with new architecture) • Many problems on the first path (many limits, hard to manage, vulnerability, hostile) • There are barriers to the second path: the Internet is ossified and cannot be replaced; inadequate validation of potential solutions; testbed dilemma: production testbed = incremental change, experimental testbed = no real users! • Why now? Many architectural proposals (statistics of new RFCs, papers, etc.); enabling technology infrastructure exists (NLR, Planetlab, .. GN2,..); research community is ready to make it real • Where are the fundamental problems and what is the most topical (first order) problem?

  6. The real problems of the IP world are in the principles (core functionality) • IP addresses? Nearly collapsed before 1994. The problem was postponed by reusable private IP addresses and NAT, which is the reason why IPv6 is not so hot • Naming? DNS still dominates and it has more and more problems • Routing? Since 1989 BGP (a protocol based purely on agreement of ISPs - routing policy). All other known protocols are unacceptable or technically problematic and are used just locally; many existing routes are not used; quality of routes is not under control • BGP4? Introducing AS was a step towards aggregation for routing purposes; it helps to postpone the problem with effectiveness of routing. Reality: # of ISPs and # of ASes grow exponentially!

  7. How the Internet grows. [Chart: routing table size, history vs. expectations; labels: 70000 routes, 350] CIDR, private IP addresses and NAT slowed the growth of routing tables (RT)

  8. AS growth brings problems to BGP. Growth in 1994-2006. Source: http://www.routeviews.org/dynamics Remark: individual lines are prefixes (paths) from different peers

  9. [Chart: http://www.internetworldstats.com/images/users.gif] (141 mill./year); Total 1,114; 326 mill. new users/year

  10. Partial visibility of the Internet from one router (from the routing tables). BGP table analysis. Millions of prefixes in RT, or different routing? Source: http://www.caida.org/tools/measurement/skitter/

  11. More about the weaknesses of the Internet • Performance bottlenecks at peering points • Ignores many existing alternate paths • Prevents sophisticated algorithms • Route selection uses fixed, simple metrics • Routing isn’t sensitive to path quality (see next examples). The Internet is ill suited to mission-critical applications: • Paxson (95-97): 3.3% of all routes have serious problems • Labovitz (97-00): 10% of routes available <95% of time; 65% of routes available <99.9% of time; 3 minutes minimum detection time for failure; average recovery ~ 15 minutes • Chandra (01): 5% of faults last more than 2 hours 45 minutes • Wang (06): 80% of problems on the path are caused by routing

  12. Naming system? • The DNS system was designed for identifying IP objects (computers, routers). Since the WEB appeared, DNS has become a tool for identifying Internet objects (INFORMATION)! • The DNS system was designed for traffic loads that reflect the rate and complexity of human activities! How will DNS react to machine-to-machine applications (crawlers, traffic reviewers,..)? • How robust and scalable is it, and how sensitive to attacks and misconfigurations? • 1-2 M updates/hour on root DNS (from misconfigurations) • 20 top ASes make 50% of updates (China, US, Spain) • 97% of such updates are from WINDOWS machines • Wrong coordination between DHCP and DNS for private IP addresses can create unwanted traffic and requests to the global DNS. This leakage is inappropriate from the traffic and also from the security aspects. REFERENCE, CAIDA papers: A. Broido, E. Nemeth, kc claffy, Spectroscopy of Private DNS Update Sources; A. Broido, H. Shang, M. Fomenkov, Y. Hyun, kc claffy, The Windows of Private DNS Updates

  13. Internet naming based on DNS. [Diagram: DNS tree with TLDs (com, .cz, .nl, .de), name servers (ns) at each level, subdomains .cvut., .fel., .fjfi., .fs.cvut.cz, .hp., .ibm., browsers and recursing requests; URL: server/datapath] THE PROBLEM IS NOT ONLY TO HAVE A NAME (registration) but how TO HANDLE resolution (conversion from/to IP) and UPDATE databases which are bigger and bigger. Most requests are resolved on the lowest level, but not all data are available there => recursing requests. Remember: each nice Web page from “somewhere” can contain several resolutions (references to an icon/picture/doc located somewhere in the Internet), and to see it they must be resolved! It also means growth of your local cache databases

  14. DNS is undoubted, but a more and more topical problem is: separation of data from location! Van Jacobson on Google: http://video.google.com/videoplay?docid=-6972678839686672840

  15. Using DHTs to Untangle WEB from DNS (Michael Walfish, MIT) • Hostname/pathname structure and DNS resolution: http://www.myhost.edu/doc/pub1.ps • SFR (Semantic Free Referencing), SFRtag/pathname structure and DHT resolution: sfr://fbcd1234/doc/pub1.ps • O-record of metadata: SFRtag (160 bit string), IP address, port, … • Contact to traditional web servers: the SFR infrastructure strips the first part and makes a DHT resolution. It replaces the first part (host id) with the IP and the rest is the same as in the previous case • More flexibility: pathname part of the SFRtag, multiple destinations

  16. PASTRY (DHT) • Set of RNodes; each RNode keeps a range of addresses for nodes • Each new node is logically located into this range • Lookup is based on the nearest neighbour • Hash table: $key="dabcf2"; $ip = $address{$key} • This example covers 2^24 - 1 = 16 mil. objects • If the key is in the local range (..67c5 to ..71f1): not forwarding; otherwise forwarding to d4xxxx or dxxxxx • In Pastry max key = ffff ffff ffff ffff. [Diagram: Lookup (d46a1c) from the RNode with key 65a1fc; RNodes with key/index/IP tables, e.g. keys 1faab1 (148.33.244.1), 65a1fc (128.128.22.11), d462ba, d467c4, d46a1c, d471f1, d4213f, d13da3, dabcf0, dabcf1, dabcf2, 32ab00; range of local keys (c2d1 – 32aaff); node addresses 192.12.12.121, 192.161.1.12]

  17. Works with a concept which separates data from location! • Groupware service: how many files in the OceanStore? • Assume 10^10 people in the world • 10,000 files/person – very conservative? • 10^14 files should be stored and maintained • The objects are defined by GUID - fixed length string of 160 bits • The objects are replicated and stored on multiple servers • The lookup process is dynamic, based on queries between client and server

  18. Tapestry routes the message to a physical host containing a resource with that GUID. Further, Tapestry is locality aware: if there are several resources with the same GUID, it locates (with high probability) one that is among the closest to the message source. Basic functions: Publish/Unpublish Object, Route to Object, Route to Node. http://oceanstore.cs.berkeley.edu/publications/papers/pdf/SPAA02.pdf

  19. P2P (peer to peer) applications - high popularity, high traffic (? %) • The Internet allows creating meshed structures; every host can communicate with anybody • USERS JOINING AND LEAVING SYSTEMS RANDOMLY, VOLUNTARILY • Explosion of P2P: new p2p architectures, new tools (BitTorrent), new applications (Skype, SIP). [Diagrams: Napster (coordination of sharing: registration, login server, DB index, query request, query match, file list, file transfer between Node A and Node B); Gnutella (broadcast query systems: the searcher sends the query to all neighbors); Ultrapeer (index for peers) and Supernode architectures (UP-1, UP-4, SN-A, SN-B, SN-C; GNet,… Skype)]

  20. from Darleen Fisher and Guru Parulkar NSF-CISE presentation

  21. from Darleen Fisher and Guru Parulkar NSF-CISE presentation

  22. from Darleen Fisher and Guru Parulkar NSF-CISE presentation

  23. APPLICATIONS FOR MILLIONS OF HOMES: IPTV, HDTV, VOD, INTERNET. Open Service Gateway: MULTISERVICE, MULTIUSER. Not only a last-mile operator but business for many SPs. [Diagram: service providers, gateway operator, Open Service Gateway, last mile] The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway). The core gateway runs services accessible to all users. However, contrary to Unix root users, the core gateway does not have access to service gateways' data, files, etc., since these would belong to different, potentially competing companies. More details: http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf

  24. Situation is getting worse. From: David Alderson, CALTECH, NSF FIND meeting, Dec. 2005

  25. Global Environment for Network Innovations – GENI. Reaction of NSF to existing Internet problems • August 25, 2005: NSF announces the GENI Initiative at SIGCOMM. • Since 2006 NSF (CISE) has divided GENI into the program FIND – Future Internet Design and the program of construction of the GENI facility • During 2 years there were many working meetings and nearly 50 GDD (GENI Design Documents) were prepared: http://www.geni.net/documents_nav.php The most complex is the GENI Research Plan, GDD-06-28 vers. 4.5 from April 2007, which defines the detailed frame for GENI research

  26. GENI Research program. The GENI Initiative will support research, design, and development of new networking and distributed systems capabilities by: • Creating new core functionality: Going beyond existing paradigms of datagram, packet and circuit switching; designing new naming, addressing, and overall identity architectures, and new paradigms of network management; • Developing enhanced capabilities: Building security into the architecture; designing for high availability; balancing privacy and accountability; designing for regional difference and local values; • Deploying and validating new architectures: Designing new architectures that incorporate emerging technologies (e.g., new wireless and optical technologies) and new computing paradigms enabled by pervasive devices; • Building higher-level service abstractions: Using, for example, information objects, location-based services, and identity frameworks; • Building new services and applications: Making large-scale distributed applications secure, robust and manageable; developing principles and patterns for distributed applications; • Developing new network architecture theories: Investigating network complexity, scalability, and economic incentives.

  27. Focus of FIND • On reinvented Internet architecture and not on individual network technologies • Internet evolution influenced by clean-slate approach • Alternate architecture(s) coexist with the current Internet • Virtualization becomes the norm with plurality of architectures • New services and applications enabled

  28. Status of FIND in 2007. The whole FIND program is currently in its initial phase. NSF has created a FIND Planning Committee, which is working with NSF to organize a series of meetings among FIND grant recipients to identify and refine overarching concepts for a network of the future. It is a continuation of the GENI talks that started in 2005. In 2007 FIND will operate with 40 million US $ and it is expected that about 60-80 teams will be awarded from this budget. The kickoff meeting was held in November 2006. http://www.nets-find.net/ NeTS - the Division of Computer & Network Systems funds research and education projects in four basic areas: • Programmable Wireless Networks (NeTS-ProWin) 16 • Networking of Sensor Systems (NeTS-NOSS) 30 • Networking Broadly Defined (NeTS-NBD) 27 • Future Internet Design (NeTS-FIND) 15 – (5,2 M US)

  29. FIND - Scope of Research • Core functionalities (reconsideration of basics including packets and other modes of multiplexing and data delivery, addressing, naming and identity; routing and delivery; support for mobility; overlay networks, and services required to support overlays; architectural implications of performance objectives; and other elements of network services) • Security and robustness (prevent attacks, flooding, blocking unwanted traffic, dealing with „zombies“ and „botnets“, design of new safe protocols and frameworks for applications, end node security) • Social aspects - privacy and accountability (balancing privacy/identity, the problem of identity tracking, increasing mutual trust between users and authorities, responsibility for malicious behavior, access to emergency services) • Manageability and usability (facilitate network management, automated network configuration, fault reporting and diagnostics, architectures for cross-region coordination) • Implications of new wireless and sensor networks (mobility of subnets, dynamic resource location, data driven routing) • Optical network architectures and their implications (integrated internet/optical management, dynamic allocation of capacities, aggregation in backbones) • High level conceptualization (closer to the users and what they want, location based services, search based on localities, information context etc.) • Theoretical foundations (investigating network complexities, scalability, robustness) • Support for applications design (how applications and services should be designed to exploit new architectures, developing distributed applications including economic incentives)

  30. The GENI Facility. As envisioned, the GENI Facility will enable: • Shared use through slicing and virtualization in time and space domains (i.e., where "slice" denotes the subset of resources bound to a particular experiment); • Access to physical facilities through programmable platforms (e.g., via customized protocol stacks); • Large-scale user participation by "user opt-in" and IP tunnels; • Protection and collaboration among researchers by controlled isolation and connection among slices; • A broad range of investigations using new classes of platforms and networks, a variety of access circuits and technologies, and global control and management software; • Interconnection of independent facilities via federated design. The GENI Facility will leverage the best ideas and capabilities from existing network testbeds such as PlanetLab, ORBIT, WHYNET, Emulab, X-Bone, DETER and others. The GENI Facility will need to extend beyond these testbeds to create an experimental infrastructure capable of supporting the ambitious research goals of the GENI Initiative.

  31. Relation FIND/GENI. Stages of research, 2007 and later. Architectures as they emerge will be made operational and tested via: • Simulation (ns-2, …) • Emulation (Planetlab, Emulab,…) • Run on a large-scale GENI facility. When?

  32. GENI facility? Current situation: “HORIZON PROJECT” with 20 million US $ for preconstruction planning. Next step: “Readiness Stage” (allows extension of preconstruction planning). Deliverables: • Testbed federation • Planetlab/Emulab • Building control plane • Planetlab prototype • VINI – Virt. Network Infrastructure • Proof-of-concept wired-wireless integration • Distributed authorization and access control • Internet in a Slice (Click + XORP). [Timeline: 2007, 2009] Filling the gap, FIND projects: work on existing experimental infrastructures!

  33. If we cannot extend Internet we can replicate it via virtual concepts

  34. http://www.planet-lab.org

  35. [Diagram: four VMMs] VS – Virtual server: independent OS, LINUX (BSD), running on a VM, with its own administration including root, its own file system and computation capability. Slice: set of VS on different nodes

  36. Node/Slices in PlanetLab. [Diagram: nodes N1-N7 connected by virtual paths VP1, VP2, … VPn] SLICE A1 (N3, N1, N2, N3, N4, N5, N6, N7); SLICE A2 (N3, N6, N5, N4); SLICE A3 (N1, N2, N6, N7). Node: on each node more users (slices) can run; each of them is running in its own virtual system. SLICE: one user can run more applications (App1, App2, App3)

  37. Overlay/Slices in PlanetLab. [Diagram: nodes N1-N7 and virtual paths VP1, VP2, … VPn] Motto TNC-2007: VISIBLE SERVICES – TRANSPARENT NETWORKS

  38. The Overlays. [Diagram: two overlays with virtual paths VP1, VP2, VP3, … VPn] Motto TNC-2007: VISIBLE SERVICES – TRANSPARENT NETWORKS

  39. The Overlays. [Diagram: virtual paths VP1, VP2, … VPn over a real path in IP through routers R1, R2, … Rn] Real paths in IP: - shared (Planetlab) - private: VPN, tunnels, IPinIP end2end (X-bone,..). Motto TNC-2007: VISIBLE SERVICES – TRANSPARENT NETWORKS

  40. VIOLIN: Virtual Internetworking on Overlay INfrastructure (Department of Computer Science, Purdue Univ.) • Violins are virtual isolated networks built on top of overlay networks as • They include virtual routers, switches and end hosts. • Each Violin works in its own virtual world with its own IP address space. Entities of VIOLIN are created, deleted or migrated on demand. It creates a new environment for applications, which can be deployed in this new virtual network. [Diagram: Violin layer with vnode1, vnode2, vnode3 and virtual paths VP1, VP2; Planetlab layer with node1, node2, node3; IP layer with the real path through routers R1-R5]

  41. VIOLIN: Virtual Internetworking on Overlay INfrastructure (Department of Computer Science, Purdue Univ.) [Diagram: Vnode1, Vnode2, … VnodeN and a Vswitch, each running as a UML VM on the host OS (Fedora) of node1 and node2; inter-host tunneling and intra-host tunneling; below, the Violin layer (vnode1-vnode3, virtual paths VP1, VP2), the Planetlab layer (node1-node3) and the IP layer (real path through routers R1-R5)]

  42. SODA: a Service-On-Demand Architecture (Department of Computer Science, Purdue Univ.) User requests for different services. Each user can get an individual service (web, comp, log, media service …). [Diagram: service switches for S1, S2, … Sx; HUP (Hosting Utility Platform) with node 1, node 2, … node n, each running a SODA daemon on the host OS, bootstrapping a VM and downloading the application into a guest OS („UML“); SODA Master and SODA Agent; configuration for SERVICE types; ASP request for a SERVICE type]

  43. WOW: Wide area network Of virtual Workstations (ACIS Lab, University of Florida). Fig. 1 shows the WOW testbed distributed over 6 firewalled domains (118 p2p router nodes - Planetlab and other VMware-based VM nodes). IPOP – IP over p2p (concept based on the Brunet p2p protocol, used to pass firewalls). Shortcut connections: on-demand establishment of direct overlay links between WOW nodes (nodes can join or leave the system in 10 sec.; direct communication between nodes in 200 sec.). WOW runs unmodified OS and applications inside VMs; they can use the middleware framework and reach a variety of hosts using CONDOR and VM binary versions of the application, which can be replicated

  44. Virtuoso/VNET (Department of Computer Science, Northwestern University). Dynamically created topology (ring) in the order of seconds, based on VTTIF (Virtual Topology and Traffic Interface Framework). Significantly improves application performance without user participation. VNET creates the illusion that the user's VMs are on the user's LAN

  45. What is emulation? The ability to mimic another machine on your computer. You can run the same programs that you would on whatever the other machine is. Univ. of Utah: (160+128+40+18+8) hosts. NEXT 17 EMULABS in operation or in construction. [Diagram: switch (virt. capability), wired] http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf

  46. DETERLAB: shared infrastructure designed for medium scale repeatable experiments in computer security. 2 clusters (100 nodes each). http://www.deterlab.net

  47. Larry Peterson, Princeton University: A Strategy for Continually Reinventing Internet (May 2005). [Diagram: NLR] • It opens the way to new virtual worlds and possibilities to replicate fundamental parts of the Internet • Develop and test applications in the new environment • The first commercial entities will enter the new environment with their users • Integrate mobility

  48. http://www.vini-veritas.net/about [Diagram: Internet 2, NLR] Andy Bavier, Nick Feamster, Mark Huang, Larry Peterson, Jennifer Rexford. In VINI Veritas: Realistic and Controlled Network Experimentation. SIGCOMM 2006.

  49. http://www.vini-veritas.net/about [Diagram: Internet 2, NLR, VLANs] • Building control plane • On Planetlab prototype • Move out PL best effort • New policies, kernel • Distributed authorization and access control • An experiment: IIAS - Internet in a Slice, Click (SR) + XORP (RP suite). Andy Bavier, Nick Feamster, Mark Huang, Larry Peterson, Jennifer Rexford. In VINI Veritas: Realistic and Controlled Network Experimentation. SIGCOMM 2006.

  50. The main objective of the Euro NGI network is to create the European center of excellence in Next Generation Internet design and engineering, acting as a "Collective Intelligence Think Tank", representing a major support for the European Information Society industry and leading towards a European leadership in this domain.
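
Slide 12 points out that poor coordination between DHCP and DNS lets updates and lookups for private addresses leak to the global DNS. The following is an added example, not part of the original presentation: a small detector that flags DNS messages for RFC 1918 reverse zones in a resolver egress log. The log format, the sample lines and all function names are assumptions made for this illustration.

```python
"""Flag DNS traffic for RFC 1918 reverse zones that is leaving the site.

Added example; the log format and SAMPLE_LOG are constructed.
"""
import ipaddress
from collections import Counter

# RFC 1918 private blocks; their reverse zones have no owner in the global DNS.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, one message per line: <time> <source> <opcode> <qtype> <qname>
SAMPLE_LOG = """\
2007-05-21T10:00:01Z 198.51.100.7 UPDATE SOA 12.1.168.192.in-addr.arpa.
2007-05-21T10:00:02Z 198.51.100.7 QUERY PTR 5.0.0.10.in-addr.arpa.
2007-05-21T10:00:03Z 203.0.113.20 QUERY A www.example.org.
2007-05-21T10:00:04Z 203.0.113.20 UPDATE SOA 4.3.20.172.in-addr.arpa.
2007-05-21T10:00:05Z 203.0.113.20 QUERY PTR 1.2.0.192.in-addr.arpa.
2007-05-21T10:00:06Z 198.51.100.7 UPDATE SOA 9.8.33.172.in-addr.arpa.
""".splitlines()


def reverse_name_to_network(qname):
    """Map an in-addr.arpa name (full or partial) to the IPv4 network it covers.

    Returns None for anything that is not a well-formed IPv4 reverse name.
    """
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if not 1 <= len(labels) <= 4:
        return None
    if not all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels):
        return None
    # Reverse names list octets least-significant first; undo that and pad.
    octets = [str(int(l)) for l in reversed(labels)]
    prefix_len = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + str(prefix_len))


def is_private_reverse(qname):
    """True if the name lies inside the reverse tree of an RFC 1918 block."""
    net = reverse_name_to_network(qname)
    return net is not None and any(net.subnet_of(p) for p in PRIVATE_NETS)


def find_leaks(lines):
    """Return (source, opcode, network) for every leaked private reverse name."""
    leaks = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, src, opcode, _, qname = fields
        if is_private_reverse(qname):
            leaks.append((src, opcode, str(reverse_name_to_network(qname))))
    return leaks


def leaks_per_source(lines):
    """Count leaked messages per source address to rank misconfigured hosts."""
    return Counter(src for src, _, _ in find_leaks(lines))


if __name__ == "__main__":
    for src, opcode, net in find_leaks(SAMPLE_LOG):
        print(f"{src} {opcode} -> private reverse zone for {net}")
    print(leaks_per_source(SAMPLE_LOG).most_common())
```

Sources that rank high in the per-source count are the hosts whose DHCP/DNS dynamic update settings need attention, or whose lookups should be answered by locally served reverse zones instead of reaching the global DNS.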
