
Active Networks: Applications, Security, Safety and Architectures

Author: Konstantinos Psounis, Stanford University. Presenter: Sanjay Agrawal, Purdue University. Purdue University, Nov 15, 2000.


Presentation Transcript


  1. Active Networks: Applications, Security, Safety and Architectures
     Author: Konstantinos Psounis, Stanford University
     Presenter: Sanjay Agrawal, Purdue University
     Department of Computer Science, Purdue University
     Nov 15, 2000

  2. Passive and Active Networks
     • Passive: Consists of smart hosts at the edges of the network performing computations up to the application layer; the routers interconnecting them can only perform computations up to the network layer.
     • Active: Allows intermediate routers to perform computations up to the application layer. Users can program the network by injecting programs into them.

  3. Networks, Passive and Active:
     • Passive Networks: Processing limited to routing, congestion control and QoS schemes.
     Problems:
     1. Difficulty of integrating new technologies.
     2. No support for applications that require computation within the network.
     3. Poor performance due to redundant operations.

  4. Need for Active Networks:
     • Need an ability to program the networks.
     • Networks should be able to do computations on user data.
     • Users can supply the programs to perform these computations.

  5. Arguments for and against AN
     • Against:
       • Internet successful because of its simplicity.
     • For:
       • Need
       • Will increase the pace of innovation.
       • Mobile code technology enables it.
       • End-to-end performance of applications will improve.

  6. End to End Argument:
     • A function or service should be placed in the network only if it can be implemented cost effectively.
     • Idea of AN is compatible with this argument.
     • Some services can best be supported using info available inside the net.

  7. Online Auctions
     • The price info sent by the server may not be up-to-date, causing the client to submit a low bid.
     • So the auction server will receive bids that are too low and must be rejected.
     • In AN such low bids can be filtered out in the network, before reaching the server.
     • At heavy load, the server activates filters in nearby nodes, updating them with the current price periodically.
     • Frees server resources for processing competitive bids, reduces net utilization at the server.

  8. Performance
     • Improvement brought about by delegating some of the app's functionality to internal network nodes.
     • Normal traffic could in fact benefit from active processing, which will reduce bandwidth utilization in some regions of the network.
     • Doing work within the network reduces the total amount of work done by the app.

  9. Performance
     • We need app performance rather than network performance; the two are not correlated.
     • AN may cause fewer packets to be sent, with longer per-hop latencies because of increased computation and storage.
     • Still, overall app performance will improve, because of reduced demand for bandwidth at end-points.

  10. Applications
     • Active Networks can be beneficial for a variety of applications:
       • Network Management
       • Congestion Control
       • Multicasting
       • Caching

  11. Congestion Control
     • Prime candidate for Active Networking.
     • A special case of Network Management.
     • It's an intranetwork event, hence solutions to it should be far removed from the app.
     • Congestion information is delayed in propagating to the user.

  12. AN and Congestion:
     • An active node can monitor the available bandwidth and control the data flow rate accordingly.
     • Probe packets can gather congestion information as they travel, and monitor packets can use the info to identify the onset of congestion and regulate the flow accordingly.
     • Applications can produce congestion control data according to the situation if they are aware of it, like selective dropping.

  13. Experimental Technologies:
     • The network defines a finite set of functions which can be performed at a node on the active packets.
     • Header information in each packet, called APCI, specifies the function.
     • Packets are processed according to the APCI and the header is recomputed if the function transforms the data.
     • Tested using a Unit Level Dropping Function.

  14. contd.
     • Model is conservative, since no executable code travels in the packets. However, it is a step towards more radical changes.
     • More complex models will have packets carrying code that makes on-the-fly routing and congestion control decisions based on information brought to the node by other packets.
     • Upcoming congestion is tracked and regulation is done before congestion takes place.

  15. Multicasting
     • Current "passive" schemes provide only a partial solution to the problems of NACK implosion, load of retransmissions and duplication of packets.
     • Active Reliable Multicast (ARM) deals with these problems efficiently by storing a soft state and performing customized computation based on packet types.
     • Note that not all nodes need to be active for ARM to work. So an ActiveBONE similar to MBONE will work.

  16. Active Reliable Multicast
     • Local retransmission is handled by caching the multicast packets, which reduces both latency and traffic.
     • The active router maintains a NACK record and a repair record to perform NACK suppression and scoped retransmission.
     • Flexible and robust, as active routers do not need knowledge of group topology.
     • Results show ARM has lower recovery latency than passive schemes.
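
The router behaviour listed on this slide (packet cache, NACK record, repair record), as an added example that is not from the presentation and is not ARM's own code. The class, method and link names are hypothetical, and the soft-state expiry timers a real router would need are left out.

```python
from collections import OrderedDict

class ArmRouter:
    """Toy active router for one multicast group (constructed model)."""

    def __init__(self, upstream, cache_size=64):
        self.upstream = upstream      # link toward the source
        self.cache_size = cache_size
        self.cache = OrderedDict()    # seq -> payload (soft state, oldest evicted)
        self.nack_record = {}         # seq -> links waiting for a repair
        self.repair_record = {}       # seq -> links already repaired

    def _store(self, seq, payload):
        self.cache[seq] = payload
        self.cache.move_to_end(seq)
        while len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)

    def on_data(self, seq, payload, subscribers):
        """Cache a multicast packet and forward it to subscribed links."""
        self._store(seq, payload)
        return [(link, "DATA", seq) for link in subscribers]

    def on_nack(self, seq, from_link):
        """Return the packets this router emits for a downstream NACK."""
        if seq in self.cache:
            repaired = self.repair_record.setdefault(seq, set())
            if from_link in repaired:
                return []             # duplicate NACK, link already repaired
            repaired.add(from_link)
            return [(from_link, "REPAIR", seq)]   # local retransmission
        waiting = self.nack_record.setdefault(seq, set())
        first = not waiting
        waiting.add(from_link)
        # NACK suppression: one NACK per lost packet travels upstream.
        return [(self.upstream, "NACK", seq)] if first else []

    def on_repair(self, seq, payload):
        """Scoped retransmission: repair only links recorded in nack_record."""
        links = self.nack_record.pop(seq, set())
        self._store(seq, payload)
        self.repair_record.setdefault(seq, set()).update(links)
        return [(link, "REPAIR", seq) for link in sorted(links)]
```

The router never needs the group topology: it only remembers which of its own links asked for which sequence number.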

  17. Active Network Architectures
     • Some architectures carry executable code, which is executed on the data of the packet that carries the code.
     • Others place code in the active nodes. Identifiers on the packets are used to decide which code is executed.

  18. Active IP Option:
     • Active Packets approach.
     • Extension to the IP Options mechanism.
     • Option to carry program fragments in a variety of languages, and to query the languages supported.
     • Backward compatibility ensured since unknown options are silently ignored.
     • Implementation in TCL, to take advantage of the TCL interpreter's restricted execution environment.

  19. ANTS
     • Active Nodes approach.
     • Network viewed as a distributed programming system. Packets travel as capsules carrying code.
     • Some code consists of well-known routines that reside at every active node.
     • The rest of the application-specific code is transferred by mobile code distribution techniques.

  20. ANTS
     • Provides a flexible network service. Default forwarding. New protocols can also be introduced into the network.
     • Simultaneous use of a variety of network protocols.
     • Construction and use of new protocols by mutual agreement among interested parties, rather than their centralized registration.
     • Dynamic deployment of these protocols.

  21. Security
     • An active packet could not only consume many resources but also consume them at a faster rate.
     • Denial of service attacks may occur if there is no resource management.
     • SANE, a layered architecture proposed at the University of Pennsylvania, addresses these issues.
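
One form the resource management called for on this slide can take, as an added example (not from the presentation and not SANE's code): each capsule carries a resource bound that the node charges for every hop and unit of work and then splits among forwarded copies. The cost model, handler names and topology are constructed, and handlers charge the meter themselves where a real node's interpreter would meter them.

```python
from collections import deque

class BudgetExceeded(Exception):
    """A capsule tried to spend more than the resource bound it carries."""

class Meter:
    def __init__(self, budget):
        self.left = budget

    def charge(self, cost=1):
        if cost > self.left:
            raise BudgetExceeded
        self.left -= cost

def execute(handler, neighbors, budget):
    """Run one capsule at one node; return [(next_hop, child_budget), ...]."""
    meter = Meter(budget)
    try:
        meter.charge()                       # fixed cost of being processed at a hop
        targets = handler(neighbors, meter)  # handler charges for its own work
    except BudgetExceeded:
        return []                            # drop: nothing is forwarded
    if not targets:
        return []
    share = meter.left // len(targets)       # children split what is left, never more
    return [(t, share) for t in targets if share > 0]

def flood(neighbors, meter):
    """Forwards to every neighbor; loops forever on a cyclic topology if unmetered."""
    meter.charge(len(neighbors))
    return list(neighbors)

def spin(neighbors, meter):
    """Never returns voluntarily; only the meter stops it."""
    while True:
        meter.charge()

def simulate(graph, start, handler, budget):
    """Inject one capsule and count handler executions across the network."""
    queue, runs = deque([(start, budget)]), 0
    while queue:
        node, b = queue.popleft()
        runs += 1
        queue.extend(execute(handler, graph[node], b))
    return runs

RING = {"a": ["b", "c"], "b": ["a", "c"], "c": ["a", "b"]}  # constructed topology
```

Because children only ever receive a share of what the parent has left, the total work one injected capsule can cause anywhere in the network is bounded by its initial budget.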

  22. Architecture of ANTS
     • The requirements for having a flexible network layer are met by having:
       • Packets replaced by capsules, which dictate the processing to be performed on their behalf.
       • Selected routers replaced by active nodes, which provide an API for capsule processing and execute those routines safely.
       • A code distribution mechanism to enable active nodes to download code when needed.

  23. SANE Architecture
     • A computer system is organized as a series of layers, each of which defines a virtual machine.
     • Higher levels trust the integrity of the lower layers.
     • Uses AEGIS, a secure bootstrap architecture, to cold-start the system.
     • Assumes a PKI for node-to-node authentication.
     • Uses a special programming language, PLAN, which is statically type checked and is pointer safe.

  24. Current Work
     • SANE at University of Pennsylvania.
     • Georgia Tech: congestion control.
     • Bowman, an OS for active nodes.
     • ARM and active router architecture for multicasting.

  25. Conclusions
     • Definitely an exciting step in network design.
     • Can potentially solve many of the current problems in passive networks, with a wide application range.
     • Will increase the pace of innovation, through rapid deployment and testing of new research.
     • However, most of the current implementations haven't been deployed on a large-scale net.
     • Security requirements are enormous!
