1 SAHARA and OASIS Overviews NTT MCL Visit November 6, 2003 Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA

2 Presentation Outline Overview of Sahara and Oasis Projects, Randy Authenticated Roaming in Hot Spot Networks, Ana BGP Health Monitoring, Matt RouteVM: A Framework for Programming Programmable Network Elements, Mel Programmable Network Testbed, George iSCSI Performance Experiments, Li

3 The SAHARA Project Service Architecture for Heterogeneous Access, Resources, and Applications

4 New Opportunity: Services-Enabled Network New things you can do inside the network Connecting end-points to “services” with processing embedded in the network fabric “Agents” not protocols, executing inside the network Location-aware, data format aware Controlled violation of layering Distributed architecture aware of network topology No single technical architecture likely to dominate: interworking plus overlays

5 SAHARA “Elevator” Statement Problem –Achieving end-to-end services with desirable, predictable, enforceable properties spanning potentially distrusting service providers Approach –Service composition and inter-operation across separate admin domains, supporting peering and brokering, and diverse business, value-exchange, access-control models Current Focus –Interdomain routing, overlay networks, p2p algorithms –Interoperator WLAN roaming and authentication Potential Impact –Effective way to more rapidly extend and deploy enhanced network functionality

6 Layered Reference Model for Service Composition IP Network Enhanced Links (Intra-domain) Enhanced Paths (Inter-domain) End-to-End Network With Desirable Properties Middleware Services Applications Services End-User Applications Connectivity Plane Application Plane Service Composition Overlay Network “Links”

7 Routing as a Composed Service Routing as a Reachability “Service” –Paths between composed service instances--“links” within an overlay network –Multi-provider environment, no centralized control Desirable Enhanced Properties –Context Awareness: discovery/exploitation of net relationships –Agility: converge quickly in response to global changes to retain good reachability “performance” –Trust: verify believability of routing advertisements –Performance: “guaranteed” bandwidth and latency –Reliability: detect service composition path failures quickly to enable fast recomposition to maintain E2E service –Scalability and Interoperability: Adapt protocols via processing between admin domains

8 Recent Progress Inter-WLAN Roaming and Authentication (Ana) BGP Control Plane Verifiable BGP: Listen and Whisper Root Cause Analysis of Routing Failures (Matt) Detection of Shared Points of Congestion Etiquette for Overlay Networks Fast Recovery for P2P Networks

9 The OASIS Project Overlays and Active Services for Internetworked Storage

10 New Opportunity: “The NETWORK is the Computer” Rise of Programmable Network Elements –First Gen Network Appliances, Directors –Storage Virtualizers, Intrusion Detectors, Traffic Shapers, Server Load Balancers, MIE accountants –Next Gen: Third Party Programmable beyond rules Needed: Generalized PNE programming and control model –Generalized “virtual machine” model for this class of devices –Retargetable for different underlying implementations Applications of Interest –Network Services: L7 switching, firewalls, intrusion and infected machine detection, storage virtualization, network monitoring and management, etc. –Particular focus: network storage, iSCSI support

11 Proliferation of Network Appliances In-the-Network Processing: the NETWORK is the Computer F5 Networks BIG-IP LoadBalancer Web server load balancer Packeteer PacketShaper Traffic monitor and shaper Ingrian i225 SSL offload appliance Network Appliance NetCache Localized content delivery platform Nortel Alteon Switched Firewall CheckPoint firewall and L7 switch Cisco IDS 4250-XL Intrusion detection system Cisco SN 5420 IP-SAN storage gateway Extreme Networks SummitPx1 L2-L7 application switch NetScreen 500 Firewall and VPN

12 OASIS “Elevator” Statement Problem –Common programming/control environment for diverse network elements to realize full power of “inside the network” services and applications Approach –Software toolkit and VM architecture for PNEs, with retargetable optimized backend for diverse appliance-specific architectures Current Focus –Network health monitoring, protocol interworking and packet translation services, iSCSI processing and performance enhancement, intrusion and worm detection and quarantining Potential Impact –Open framework for multi-platform appliances, enabling third party service development –Provable application properties and invariants; avoidance of configuration and “latest patch not installed” errors

13 Generic PNE Architecture Interconnection Fabric Input Ports Output Ports Buffers Tag Mem CP AP Action Processor CP Classification Processor Rules & Programs

14 OASIS Testbed Current Testbed –Alteon Filter Programmable Level 7 Switches »Next generation significantly more third party programmable –2 x Enterprise Class Routers –(Many) pizza box PCs In discussion –Nortel + IBM on Blade Center Storage Servers for UDCs –Cisco IOS Next Generation (ION) Programmable Packet Filters

15 Recent Progress RouteVM PNE Specification (Mel) Oasis Testbed Development (George) iSCSI Storage Experiments (Li) Intrusion Detection Case Study

16 Edge Network Reliable Adaptive Distributed Systems Fox, Jordan, Katz, Necula, Patterson, Stoica, Tygar Distributed Middleware Client SLT Services Distributed Middleware Server Internet IP Network Router Edge Network PNE “Reactive Systems” Observe, Classify, Learn, Act Programming Abstractions For Roll-back Crash-Oriented Svrcs Observation Infrastructure for System SLT Verifiable Protocols Fast Detection & Route Recovery Observation Infrastructure for network SLT Commodity Internet OperatorUser Application- Specific Overlay Network Observation & Control Points

17 SAHARA and OASIS Randy H. Katz Thank You!