The Stanford Clean Slate Program Nick McKeown Professor of Computer Science & Electrical Engineering.

Presentation transcript:

The Stanford Clean Slate Program Nick McKeown Professor of Computer Science & Electrical Engineering

It doesn't need fixing. It just needs a few upgrades. IPV6 would be a nice place to start These guys are completely on crack …You do not want to have intelligence inside the network, ever… The [network] should be application-unaware, stupid, unreliable, and as simple as possible. Which is the Internet we have today, and it works great, thank you very much. It's just a bunch of tubes, right?

Clean Slate Research is…
A way of thinking
… that is common elsewhere
… but difficult when there is legacy

Rethinking the car
(Diagram labels: Car Engine, Policy, Car Body, Materials, Fuel, Control, Safety, Emissions, Fueling Stations, Manufacture; Installed base , M M; 1 gallon of gas, 22 lbs of CO2)

Anything to rethink?
How come it takes an hour to set up a session?
Why can I join someone else's call?
Will the quality always be this poor?
Can I put a camera on my car and drive around?

Economically sustainable
Trustworthy: Secure, robust, manageable
Mobility by default. Users and data
Unthought of links
Unthought of applications
Performance to blow our socks off

Early stakes in the ground
Organic growth led to structure: Let's exploit it
Optics is here to stay: Let's exploit it too
Flows: They are our friends

In parallel
2005: A sea-change in the networking research community
– Prompted by NSF
– ITRs (including 100x100 Clean Slate Program)
– NSF FIND: Funding for architectural ideas
– NSF GENI: Creating a platform for experimenting with new architectures, services and technologies
: A large community-wide effort
– GENI planning process
– Programs starting in Europe and Asia
: GENI Project Office

Architectural Blueprint?
Bottom-up first, Top-down later
Now…Innovation in the small
Coverage of areas
Four funded so far, adding more

Architectural Blueprint?
Flagship projects
Larger collaborative projects
Start to tie research together

Architectural Blueprint?
(Diagram labels: Programmable Nationwide Backbone (Lightflow); Local Wireless Platform; Flow Theory; Security (Ethane); Wireless (Spectrum); Backbone (VLB); Congestion Control (RCP))
Top-down blueprint? Too early to decide

The Stanford Clean Slate Program
Create a breeding ground for new collaborative projects across boundaries
Projects that will have significant impact in years
Exploit Stanford's breadth and depth
Work closely with a focused group of committed industrial partners

Stanford Clean Slate Program
Faculty Directors: Nick McKeown, Bernd Girod
Executive Director: Guru Parulkar
Affiliate Members: Cisco, Deutsche Telekom, NEC, NTT DoCoMo, Xilinx, + 3 in the works

Stanford's Breadth and Depth
World-class expertise in: Networking, optical communications, wireless, access networks, theory, economics, security, applications, multimedia, operating systems, hardware and VLSI, system architecture, …
Participants from across EE, CS, MS&E, GSB
Dan Boneh, David Cheriton, Bill Dally, Abbas El Gamal, Bernd Girod, Ashish Goel, Andrea Goldsmith, Mark Horowitz, Ramesh Johari, Joseph Kahn, Sunil Kumar, David Mazières, Nick McKeown, David Miller, Phil Levis, Balaji Prabhakar, Mendel Rosenblum, Tim Roughgarden.

Projects
Optical technology promises enormous capacity & low-power
Professors Leonid Kazovsky & Nick McKeown
Goal is to propose new networks to exploit optical switching

Projects
Existing theory lacks details of flow-dynamics and end-to-end semantics
Professors Balaji Prabhakar & Amin Saberi
Goal is to develop flow-level theoretical models

Projects
Spectrum scarcity is a result of tight, inefficient government control
Professors Andrea Goldsmith & Ramesh Johari
Goal is to propose new approach to spectrum allocation & protocols

Projects
Professors Boneh, Mazieres, Rosenblum, McKeown
Goal is to propose clean slate architectures for secure networks

What we'd like
Principle 1: Manage network using policy over real names
– Nancy can access Payroll
– Laptops can't accept incoming connections
– VoIP phones mustn't move
Principle 2: Policy should dictate the path packets follow
– CEO traffic should not pass through engineering
– Guest flows must pass through http proxy
– Laptop flows must pass through IDS
Principle 3: The origin of packets should be known
Principle 4: Network should log all connectivity
– For diagnostics and auditing

Today
Principle 1: Manage network using policy over real names
– Nancy can access Payroll
– Laptops can't accept incoming connections
– VoIP phones mustn't move
Everyone who is not Nancy cannot access payroll
Q: How to identify them?
Q: Where do their packets flow?
Today
– ACL: Jim's IP, payroll
– ACL: Jen's IP, payroll
(Diagram labels: Nancy; Jen; Payroll; Host: a, IP: i, MAC: m; Host: b, IP: j, MAC: n; dns, dhcp, learning, spanning tree, ospf)

Problems
Bindings between users, hosts and addresses keep changing, are not authenticated and are chosen elsewhere.
Route is picked elsewhere and is unknown to the manager. And changes.
New entities require many more filters.
Change of entity locations requires updating of filters.
Easy to circumvent, hard to diagnose.
(Diagram labels: Nancy; Host: b, IP: j, MAC: n; dns, dhcp; Dynamic bindings; Allocated elsewhere; Not authenticated; Easily spoofed)

Ethane: Design choices
Centralized management
Policy language governs network
All communication requires permission
Secure and track all bindings

Ethane: Taking Control
– Nancy can access Payroll
– Laptops can't accept incoming connections
– VoIP phones mustn't move
– CEO traffic should not pass through engineering
– Guest flows must pass through http proxy
– Laptop flows must pass through IDS
(Diagram labels: controller; Nancy; Payroll; Host: a, IP: i, MAC: m; Host: b, IP: j, MAC: n; dns, dhcp, learning, spanning tree, ospf)

Waypoints
– Nancy can access Payroll
– Laptops can't accept incoming connections
– VoIP phones mustn't move
– CEO traffic should not pass through engineering
– Guest flows must pass through http proxy
– Flows to Payroll must pass through IDS
(Diagram labels: controller; Nancy; Payroll)

Ethane: Manageability
Fine-grain control of each flow
Can isolate users, groups, hosts
Can specify waypoints
Can require different forms of authentication for different access points (e.g. stronger for wireless than wired)

Ethane: Many questions
Central controller
– Performance & Scalability
– Robustness
How to make it easy to use for manager…
…and transparent to user.

Our deployment
300+ hosts at Stanford: Servers, laptops, desktops, phones.
19 switches
– Hardware, software, wireless
Policy: 132 rules to replicate policy

Lessons so far…
Controller handles >10,000 flows/second
Maybe enough for whole of campus
Multiple ways to handle redundancy
– Cold-standby, hot-standby, stateless, stateful
Transparent to users (even remotely at home!)
Diagnostics
– Control who can perform diagnostics and see traffic
– Journal all bindings: Can tell who sent a packet when.
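
The Ethane design choices in the slides above (all communication requires permission, policy over real names, tracked bindings, waypoints, a journal that can tell who sent a packet when), as a minimal sketch. This is an added example, not code from the Ethane project or the presentation; the class names, rule format, addresses and MACs are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy in the spirit of the slides; the rule format is hypothetical.
POLICY = [
    {"dst_kind": "laptop", "action": "deny"},               # laptops can't accept incoming connections
    {"src": "nancy", "dst": "payroll", "action": "allow"},  # Nancy can access Payroll
    {"dst": "payroll", "via": "ids"},                       # flows to Payroll must pass through IDS
]

@dataclass
class Binding:
    name: str      # authenticated user or service name
    kind: str      # device class, e.g. "laptop" or "server"
    ip: str
    mac: str
    start: float
    end: float = float("inf")

class Controller:
    def __init__(self, policy):
        self.policy = policy
        self.journal = []   # every binding ever made; entries are closed, never deleted
        self.flow_log = []  # every decision, for diagnostics and auditing

    def bind(self, name, kind, ip, mac, now):
        """Record an authenticated binding and close any open one on the same IP."""
        for b in self.journal:
            if b.ip == ip and b.end > now:
                b.end = now
        self.journal.append(Binding(name, kind, ip, mac, now))

    def who(self, ip, mac, when):
        """Return the binding that held (ip, mac) at time `when`, or None."""
        for b in self.journal:
            if (b.ip, b.mac) == (ip, mac) and b.start <= when < b.end:
                return b
        return None

    def decide(self, src, dst, now):
        """src and dst are (ip, mac) pairs. Default deny. Returns (verdict, waypoints)."""
        s, d = self.who(*src, now), self.who(*dst, now)
        verdict, waypoints = "deny", []
        if s and d:  # unknown or spoofed endpoints never reach policy evaluation
            matched = [r for r in self.policy
                       if r.get("src", s.name) == s.name
                       and r.get("dst", d.name) == d.name
                       and r.get("dst_kind", d.kind) == d.kind]
            actions = {r["action"] for r in matched if "action" in r}
            if "allow" in actions and "deny" not in actions:
                verdict, waypoints = "allow", [r["via"] for r in matched if "via" in r]
        self.flow_log.append((now, s.name if s else None, d.name if d else None, verdict))
        return verdict, waypoints
```

Because rules name users and services and the journal keeps closed bindings, reassigning an IP address needs no filter update and a past packet can still be attributed to whoever held the address at that time.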

Flagship Projects #1: Build our own small private programmable backbone

Open Source Router Kit
(Diagram labels: Routing Control & Mgmt; Hardware Datapath)
Software: Linux/XORP (ICSI)
Hardware: NetFPGA (Stanford)
Program in Verilog
Industry-standard design flow
Contains embedded CPUs
NetFPGA is a PCI card
NetFPGA is a Programmable 4 x 1GE switch or any packet processor
~$500 for kit
Available June 2007
For classroom & research
Used in CS344/EE384D Build an Internet Router and EE109

Architectural Blueprint?
(Diagram labels: Programmable Nationwide Backbone (Lightflow); Local Wireless Platform; Flow Theory; Security (Ethane); Wireless (Spectrum); Backbone (VLB); Congestion Control (RCP))
How would you like to take part?

Agenda
09: :45 Nick McKeown: Introduction
09: :30 Jonathan Turner, WUSTL: An Architecture for a Diversified Internet
10: :00 Break
11: :30 Bernd Girod: Clean Slate Design for Internet Video Delivery
11: :00 Balaji Prabhakar: 21st Century Queuing Theory, and Internet Address Allocation
12:00 – 13:30 Lunch with Poster Session
13: :00 William B. Norton, Equinix: Video Internet: The Next Wave of Massive Disruption to the U.S. Peering Ecosystem
14: :30 Dan Boneh: A Clean Slate Approach to Web Technology
14: :00 John Mitchell: Security Analysis of Network Protocols
15: :00 PANEL (Moderated by Balaji Prabhakar): It's Not Just About the Plumbing