Extensible Networking Platform - IWAN 2005
Extensible Network Configuration and Communication Framework
Todd Sproull and John Lockwood

Presentation transcript:

Extensible Networking Platform IWAN 2005
Extensible Network Configuration and Communication Framework
Todd Sproull and John Lockwood
7th International Working Conference on Active and Programmable Networks (IWAN) November

Overview
Background
  – Project motivation
Extensible Network Configuration Architecture
Experimental Results
  – Initial results using the Emulab testbed
Conclusions

Background
Administrators currently overwhelmed securing networks
[Figure labels: Wireless Router, Traffic Shaper, Intrusion Prevention System (IPS), NAT / Firewall, Intrusion Detection System (IDS)]
Security devices in the network help combat the problem
  – Intrusion Detection or Prevention Systems (IDS) or (IPS)
  – Packet shapers
  – Firewalls
Overhead associated with managing these devices is fairly high
  – Require manual configuration
  – Lack interoperability with other security devices

Problem Statement
Objective
  – Develop generic infrastructure for management of security devices
Challenges
  – Need an abstraction for communication between heterogeneous security devices
  – Need to provide interfaces to configure key components of a security device
    Example: Ability to update rules on each firewall supported in the overlay
Proposed Solution
  – Deploy an overlay network of security devices
  – Allow nodes to communicate through eXtensible Markup Language (XML)
  – Create generic abstractions of a device that are advertised to peers
    Example: “Advertisement: I provide firewall capabilities”

Description of Framework
Create overlay network of security devices
Devices subscribe to events of interest
  – Administrative Updates
  – Virus Signatures
  – Malicious IP flows to rate limit
Administrator joins overlay to issue updates
  – Messages sent to each peer or a single group
Nodes communicate with each other through services
Nodes discover services in each group
Nodes create and join groups of interest
  – Administrative
  – Firewall
  – Anomaly Detection
Overlay software interfaces directly with applications executing on the node
  – Modifying configuration files
  – Restarting processes
[Figure labels: Wireless Router, Traffic Shaper, Intrusion Prevention System (IPS), NAT / Firewall, Intrusion Detection System (IDS)]

Implementation
Overlay network built using the JXTA API
  – Provides open infrastructure to create Peer-to-Peer (P2P) networks
Protocols built into JXTA include
  – Peer Discovery
    Discover peers, groups, and services in the overlay
  – Endpoint Routing
    Provide route information to peers, simplifying communication behind firewalls and NAT
  – Pipe Binding
    Creates communication channels for sending and receiving XML messages
Supports various programming languages
  – Java (J2SE)
  – C
  – Mobile Java (J2ME)
  – Ruby

Example Security Nodes
Current research explores three hardware platforms: Wireless Router, Workstation, Extensible Switch
Intrusion Detection or Prevention
  – Wireless Router: Snort with limited ruleset
  – Workstation: Snort or Bro
  – Extensible Switch: FPGA Snort Lite
Quality of Service
  – Wireless Router: Linksys QoS Support
  – Workstation: Hierarchical Token Buckets (HTB)
  – Extensible Switch: FPGA Queue Manager
Anomaly or Event Detection
  – Wireless Router: None
  – Workstation: SPADE
  – Extensible Switch: FPGA Worm Detector
[Figure labels: FPX with FPGA Hardware, Pentium M Embedded Processor, 200MHz MIPS]

Experimental Setup
Testbed experiment evaluates overhead in Processing and Routing XML Messages in JXTA
  – XML Publish/Subscribe
  – JXTA Pipes Creation
  – JXTA Message Notification
Traffic Generator sends XML messages to Publisher
Publisher parses XML messages and forwards message to clients based on individual service subscription
Experiment created in Emulab testbed
  – 2GHz Pentium 4 nodes
  – 100Mbit/sec Ethernet links
[Figure labels: Publisher, Subscribers, Network A, Network B, XML Traffic Generator]

Experimental Results
Experiments performed measure packet loss as packets per second (pps) increases
  – XML Traffic Generator increases pps to Publisher
  – Publisher forwards relevant messages to a single subscriber
    All messages forwarded in this experiment
  – Loss represents packets not received by subscriber
Relatively low performance is due to overhead in JXTA creating an “output pipe” for each connection
  – The overhead is approximately 40ms per connection
Potential optimizations
  – Creating output pipe once per node, assuming the peer is available
  – Utilizing JXTA sockets instead of JXTA pipes
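
The subscription-based forwarding from the Experimental Setup slide and the "create the output pipe once per node" optimization above, as an added Python model that is not the authors' code and does not call the JXTA API. The message schema, peer names and class names are assumptions; the 40 ms constant is the per-connection overhead the slide reports, and the sample messages are constructed.

```python
import xml.etree.ElementTree as ET

PIPE_SETUP_MS = 40  # per-connection output-pipe overhead reported on the slide

class Publisher:  # model only: schema and names are assumptions, not JXTA
    def __init__(self, cache_pipes):
        self.cache_pipes = cache_pipes
        self.subs = {}           # service name -> set of subscribed peers
        self.pipes = {}          # peer -> inbox list standing in for an output pipe
        self.pipes_created = 0

    def subscribe(self, peer, service):
        self.subs.setdefault(service, set()).add(peer)

    def _pipe(self, peer):
        # Uncached mode pays the pipe setup cost for every forwarded message.
        if not (self.cache_pipes and peer in self.pipes):
            self.pipes_created += 1
            self.pipes.setdefault(peer, [])
        return self.pipes[peer]

    def publish(self, raw):
        # Peers are untrusted input: refuse DTDs (entity expansion) and bad XML.
        try:
            root = None if "<!DOCTYPE" in raw else ET.fromstring(raw)
        except ET.ParseError:
            root = None
        if root is None or root.tag != "message":
            return 0
        peers = sorted(self.subs.get(root.get("service"), ()))
        for peer in peers:
            self._pipe(peer).append(raw)
        return len(peers)

# Constructed sample traffic: three firewall updates, one signature, two rejects.
SAMPLES = [
    '<message service="firewall"><rule action="drop" src="192.0.2.7"/></message>',
    '<message service="firewall"><rule action="drop" src="192.0.2.9"/></message>',
    '<message service="signature"><sig id="example-1"/></message>',
    '<message service="firewall"><rule action="allow" src="198.51.100.4"/></message>',
    '<message service="firewall"><rule action="drop"',
    '<!DOCTYPE m [<!ENTITY a "aaaa">]><message service="firewall">&a;</message>',
]

def run(cache_pipes):
    pub = Publisher(cache_pipes)
    pub.subscribe("fw1", "firewall")
    pub.subscribe("ids1", "signature")
    forwarded = sum(pub.publish(m) for m in SAMPLES)
    return forwarded, {p: len(b) for p, b in pub.pipes.items()}, pub.pipes_created * PIPE_SETUP_MS
```

In this model `run(False)` and `run(True)` deliver the same four messages, but the modeled setup cost drops from 160 ms to 80 ms once each peer's pipe is reused.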

Future Work
Evaluate security functions of the overlay
  – Example: Benchmark nodes' ability to update firewall rules in the presence of an attack
Deploy all three platforms in one testbed environment
  – Utilize Open Network Labs Testbed for developing high performance network applications
  – Investigate Hardware Plug-ins

Conclusions
Proposed Architecture for Network Configuration and Communication
  – Overlay network distributing XML messages between devices
Developed and deployed framework in network testbed
Obtained Preliminary Results
  – Quantified overhead of JXTA protocol and XML message parsing in publish subscribe network

Acknowledgments
Research Group
  – Reconfigurable Network Group