
Active Networking

Active Networking. “The active network provides a platform on which network services can be experimented with, developed, and deployed” http://www.darpa.mil/ito/research/anets/index.html. Active Network Objectives. Minimize amount of global agreement


Presentation Transcript


  1. Active Networking
     “The active network provides a platform on which network services can be experimented with, developed, and deployed” http://www.darpa.mil/ito/research/anets/index.html
     Rob Jaeger, University of Maryland, Department of Computer Science

  2. Active Network Objectives
     • Minimize amount of global agreement
     • Do not require global agreement to support dynamic modification of the network
     • Support fast-path processing optimization
     • Scale to very large global active networks
     • Provide mechanisms to ensure security and robustness of nodes and of the network
     • Provide mechanisms to support different QoS/CoS

  3. Open Device Architecture (use MY updated one from the LANMAN)
     [Diagram labels as extracted: Service C/C++ API Java API Java Service Download Java Service Device Code Java Lib JNI DataCom API Device Drivers Native Code JVM Operating System Device HW]

  4. Why Java
     • Dynamic class loading
     • Reuse security mechanisms: byte-code verifier, security mgr, class loader
     • System stability:
         • Constrain applications to the Java VMs
         • Prohibit native code applications
     • Extensible, portable, & distributable services

  5. ANTS Demo Configuration
     • RoutingSwitch loads boot image from TFTP server
     • RoutingSwitch dynamically loads Oplets from the Class Server
     • Laptop 1 originates the ping
     • Router gets Ping code from Laptop 1
     • Router “evaluates” ping
     • Ping forwarded to Laptop 2
     • Laptop 2 requests code
     [Diagram labels as extracted: Laptop 1; ORE Services; Java-enabled Routing Switch; Laptop 2; 1. Class Server; 2. TFTP Server]

  6. ANTS Demo
     [Diagram labels as extracted: AN_Ping Application AN_Ping Application ANTS EE Service ANTS EE Ping Capsule ORE JVM WIN-95 Routing Switch DLResponse Capsule DLBootstrap Capsule DLRequest Capsule]

  7. ANTS Demo
     [Diagram labels as extracted: AN_Ping Application AN_Ping Application ANTS EE Service ANTS EE Ping Capsule ORE JVM JVM WIN-95 Routing Switch DLResponse Capsule DLBootstrap Capsule DLRequest Capsule]

  8. ORE Divert
     • Active Network topology is unknown
     • ANEP packets NOT addressed to this node are delivered to the control plane for processing
     • ANEP daemon receives packets and delivers them to the appropriate EE based on TypeID
     [Diagram labels as extracted: Application Application Execution Environment Execution Environment ANEP ANEP packet ASIC Filter]

  9. ORE Protection
     • ORE uses JVM mechanisms to:
         • protect itself from the oplets
         • protect oplets from one another
     • Mechanisms include features of the Java
         • type safety, access control, bytecode verification
         • built-in sandbox security manager support
         • signed code
         • strong cryptography infrastructure

  10. ORE Protection
     • Java facilities are buttressed by ORE control over the allocation of as many of the system resources as possible
         • thread creation
         • sharing classes loaded by different class loaders
         • cross namespace protection
         • support for object reference revocation
     • Resource allocation vs. consumption
         • CPU: control thread creation, but not CPU usage
         • File: control access to the descriptors, but not size

  11. ORE Protection
     • Extra JVM support is necessary to protect against misbehavior by oplets
         • Accounting of memory and CPU consumption
     • Promising possibility for memory accounting:
         • the ability to partition the object heap to enforce limits on the memory usage by an oplet

  12. Summary
     • User programmable computation engine on network devices
     • dynamic agents vs. static agents
     • dynamic loading
     • strong security through Java/JVM
     • safety among shared components via ORE
     [Diagram label as extracted: Gigabit Router Active Network Platform]

  13. References
     [1] P. Bernadat, D. Lambright, and F. Travostino, “Towards a Resource-safe Java for Service-Guarantees in Uncooperative Environments,” IEEE Symposium on Programming Languages for Real-time Industrial Applications (PLRTIA) '98, Madrid, Spain, Dec. '98.
     [2] Active Networking Node OS Working Group, “NodeOS Interface Specification,” June 15, 1999.
     [3] Active Networks Working Group, “Architectural Framework for Active Networks Version 0.9,” August 31, 1999.
     [4] T. Lavian, R. Jaeger, “Open Programmable Architecture for Java-enabled Network Devices,” Stanford Hot Interconnects, August 1999.
     [5] D. Wetherall et al., “ANTS: A Toolkit for Building and Dynamically Deploying Network Protocols,” OPENARCH'98.
     [6] C. Hawblitzel, C. Chang, G. Czajkowski, D. Hu, T. von Eicken, “Implementing Multiple Protection Domains in Java,” 1998 USENIX Annual Technical Conference, New Orleans, LA, June 1998.
     [7] R. Jaeger, T. Lavian, R. Duncan, “Open Programmable Architecture for Java-enabled Network Devices,” to be presented at LANMAN '99, Sydney, Australia, November 1999.
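
The dispatch step on slide 8 (ORE Divert), as an added example that is not part of the original presentation or the ORE code: an ANEP daemon that validates the header before demultiplexing to an execution environment on TypeID. The header layout (version, flags, TypeID, header length in 32-bit words, packet length in octets, top flag bit meaning "discard if TypeID unknown") follows the ANEP draft specification and is an assumption here, as are all class and function names and the sample TypeID.

```python
import struct

ANEP_FIXED = 8             # bytes: version, flags, TypeID, header len, packet len
DISCARD_IF_UNKNOWN = 0x80  # assumed: top flag bit = drop rather than default-forward

class AnepError(ValueError):
    """Raised for any header the daemon refuses to act on."""

def parse_anep(datagram):
    """Check the fixed header's length fields, then split options from payload."""
    if len(datagram) < ANEP_FIXED:
        raise AnepError("truncated header")
    version, flags, type_id, hdr_words, pkt_len = struct.unpack_from("!BBHHH", datagram)
    hdr_len = hdr_words * 4                      # header length is carried in 32-bit words
    if version != 1:
        raise AnepError("unsupported version")
    if hdr_len < ANEP_FIXED or hdr_len > pkt_len or pkt_len > len(datagram):
        raise AnepError("inconsistent length fields")   # never trust sender-supplied sizes
    return {"type_id": type_id, "flags": flags,
            "options": datagram[ANEP_FIXED:hdr_len], "payload": datagram[hdr_len:pkt_len]}

class AnepDaemon:
    """Hypothetical control-plane demultiplexer: TypeID -> execution environment."""
    def __init__(self):
        self.ees = {}

    def register(self, type_id, handler):
        self.ees[type_id] = handler

    def dispatch(self, datagram):
        try:
            pkt = parse_anep(datagram)
        except AnepError as exc:
            return ("drop", str(exc))            # malformed input never reaches an EE
        handler = self.ees.get(pkt["type_id"])
        if handler is not None:
            return ("deliver", handler(pkt["payload"]))
        if pkt["flags"] & DISCARD_IF_UNKNOWN:
            return ("drop", "unknown TypeID")
        return ("forward", None)                 # hand back to the default forwarding path

def build_anep(type_id, payload, flags=0, options=b""):
    """Build a constructed sample packet; options must be a multiple of 4 bytes."""
    hdr_len = ANEP_FIXED + len(options)
    return struct.pack("!BBHHH", 1, flags, type_id, hdr_len // 4, hdr_len + len(payload)) + options + payload
```
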
