Oct 11, 2000, OpenSig, Napa, California
Silicon-based Programmable Routers: What have we learned?
Tal Lavian - Nortel Networks Labs

Presentation transcript:

Silicon-based Programmable Routers: What have we learned?
Tal Lavian - Nortel Networks Labs
More info: Franco Travostino, Phil Wang, Rob Duncan

Usual Disclaimer
We are part of a research organization. This talk describes exploratory research. Nortel makes no commitment to turn this technology into products. Nortel makes no commitment to do anything with the ideas described in this talk.

What have we learned?
- We have implemented a programmable (Java) Gigabit Routing Switch (256 Gb/s backplane)
- Infinite bandwidth, wire-speed routing and streaming media drive new types of intelligence on programmable network devices
- Dynamic monitoring and modification of silicon knobs
  - The granularity is streams, not packets
  - Short time granularity (driven by the apps themselves, not by human intervention: keyboard, telnet, CLI, SNMP)

Agenda
- Programmability - market drivers
- Infinite bandwidth drives the need for programmability
- Architecture
- Separation of Control and Data planes
- Example - Dynamic Classification
- Summary

Industry Movement from Vertical toward Horizontal Markets
[Figure: 1980s - Vertical Industry, with IBM, CDC, Digital and Amdahl each covering Applications, OSs, Peripherals and Hardware; 2000s - Horizontal Industry, with those same layers each served by its own market]

Inflection Points Ahead of Us
[Figure: Vertical Network Industry (Cisco, Nortel, Juniper, 3Com) moving toward a Horizontal Network Industry with layers Network & Mgmt services, Embedded OS, System and ASICs, around '00]
Incomplete transformation; the inflection point is quickly approaching ...

Infinite Bandwidth
- Why does this change the playground?
- Are we ready for streaming media on the net?
  - Peer to peer - Napster, 6000 radio stations
  - Streaming video, multicast; Napster video is coming
  - Web traffic will be minor (streaming is constant)
- 3-4 orders of magnitude bandwidth growth in many dimensions
  - Access - Cable, DSL, 3G - (28 kb/s → 10 Mb/s, 1.5 Mb/s, 384 kb/s)
  - Core - Optical bandwidth - (155 Mb/s → 1 Tb/s)
  - LAN - (10 Mb/s → 10 Gb/s)
- Silicon wire-speed routing

Bottlenecks in Programmable Routing
- The streaming media demand and the infinite bandwidth will drive the need for programmability and dynamic services on the net
- We need programmability to serve this booming demand. Software-based routers can't do it.
- Unlike Linux routers and other software-based routers, we can't add software to the data plane
  - Data plane: wire-speed silicon forwarding, multi-Gigabit
  - Control plane:
    - Can't see the data at wire speed
    - Can dynamically modify the silicon knobs

Programmable Services - Locations
Service-enablement will prove most effective where "impedance mismatches" occur in the network:
- Optical vs. wireline (3-4 oom)
- Wireline vs. wireless (3-4 oom)
- Secure vs. non-secure
- Customer premises vs. content-provider land (3-4 oom)
- SLA (x) vs. SLA (y)
- Resource-constrained vs. unwashed unlimited computing
A service-enabled box can wear multiple hats.
oom - order of magnitude

Emancipation of a Router
It all started from old-world, vertically-integrated code.
[Figure: a closed stack of ASICs/Processors, Proprietary NOS and Proprietary Apps]

Routers Emancipation
Extroverted APIs extend a commodity Java runtime.
[Figure: ASICs/Processors and Forwarding Engine at the bottom, Introverted APIs above them, then the JVM with JAPIs, and Extroverted APIs exposed to ISV's software at the top]

Java-enabled Device Architecture
[Figure: Hardware, Routing Code and Native APIs under the Operating System; the JVM hosts the Oplet Runtime Env, into which Oplets are downloaded]

Network Device Dynamic Loading
Example: Downloading Intelligence
[Figure: a network device with HW, OS and JVM receives a downloaded intelligence application providing Monitor, React, Authentication and Security functions]

Separation of Control and Forwarding Planes
[Figure: Centralized, CPU-based Router - control and forwarding functions combined, routing SW on the CPU, slow. Forwarding-Processors Based Router - control separated from forwarding, a control-plane CPU plus several Forwarding Processors, wire speed]

Programmable Networking
[Figure: the Control Plane (CPU system) runs the ORE and Network Services; the Forwarding Plane (wire-speed forwarding) consists of Forwarding Processors joined by the Switching Fabric, each holding Forwarding Rules and Statistics & Monitors. Traffic packets enter the forwarding processors; filtered packets go up to the control plane, and new rules come down through JFWD]

But Java is Slooowwwww
- Not appropriate in the fast-path data forwarding plane
  - forwarding is done by ASICs or NPUs
  - packet processing is not affected
- Java applications run on the CPU
  - Packets designated for a Java application are pushed into the control plane

Simple Example: Fine-grain Monitoring
Imagine an SNMP-based network with:
- 100 nodes
- each node with 100 ports
- each port with 100 conditions
- all being checked 100 times a second
That's 10 billion SNMP variable accesses every second. And that's a significant load on the NMS and the network as a whole. It's not going to work.

Silicon-based Forwarding Engines
[Figure: Control Plane CPU above the Switching Fabric; wire-speed Forwarding Processors, each with Forwarding Rules and Statistics & Monitors]

Real-time Forwarding Stats and Monitors
[Figure: Apps (SW) on the CPU read the Statistics & Monitors of each Forwarding Processor (HW), which also holds the Forwarding Rules]

Dynamic Classification Objectives
- Implement flow performance enhancement mechanisms without introducing software into the data forwarding path
  - Service-defined packet processing in a silicon-based forwarding engine
  - Dynamic packet classifier

Dynamic - On-the-Fly Configuration
[Figure: Dynamic Apps push Policy Filters into the Forwarding Processors; each packet is matched against the Packet Filter]

5-tuple Filtering
Filtering list: Source Address, Source Port, Destination Address, Destination Port, Protocol
Filter actions:
- Copy the packet to the control plane
- Don't forward the packet
- Set TOS field
- Set VLAN priority
- Adjust priority queue
JFWD: 5-tuple filtering, dynamic filtering
Layer 4-7 in new hardware: utilize network processor capabilities

Experimental Setup
[Figure: Source 1 (tcp_send()) and Source 2 (tcp_send()) each connect over a 100 Mbps link to an Accelar 1100B Routing Switch, which connects over a 100 Mbps link to the Destination running 1. tcp_recv() and 2. tcp_recv()]
Rob Jaeger, Jeff Hollingsworth, Bobby Bhattacharjee - University of Maryland

Streams Programmability

Dynamic Classification
Identify real-time flows (e.g. packet signature or flowId):
1. Use CarbonCopy filters to deliver multimedia control protocols to the control plane
   - e.g. SIP, H.323, RTCP
   - Determine dynamically assigned ports from the control messages
2. Use CarbonCopy filters to sample a number of packets from the physical port and identify RTP packets/signature
Set a packet processing filter for the packet signature to:
- adjust the DS-byte, OR
- adjust the priority queue
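The control/forwarding split, the 5-tuple filter actions and the two-step dynamic classification above fit together as follows. This is an added illustration, not code from the talk or from Nortel's Openet project: a forwarding processor applies 5-tuple filters to every packet and never runs service code; the classification service lives in the control plane, sees only what a CarbonCopy filter hands up, extracts the dynamically assigned media port from a SIP/SDP offer, and pushes a new filter down that marks that RTP flow's DS-byte. The addresses, ports and the SIP message are constructed for the example, and the filter action names are my own.

```python
"""Dynamic classification with 5-tuple filters, modelled as two cooperating planes."""
import re
from dataclasses import dataclass

# 5-tuple key order: (source address, source port, destination address, destination port, protocol).
# None in any position is a wildcard.
@dataclass(frozen=True)
class Filter:
    key: tuple
    action: str   # copy | drop | set_tos | set_vlan_prio | set_queue (names chosen for this example)
    arg: int = 0  # value for set_tos / set_vlan_prio / set_queue

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: str = ""
    tos: int = 0        # DS-byte as it would be written into the IP header
    vlan_prio: int = 0
    queue: int = 0

    def key(self):
        return (self.src, self.sport, self.dst, self.dport, self.proto)

def matches(filt, pkt):
    return all(f is None or f == p for f, p in zip(filt.key, pkt.key()))

class ForwardingProcessor:
    """Data plane: no service code runs here, only a filter table the control plane may edit."""
    def __init__(self, control_plane):
        self.filters = []
        self.control_plane = control_plane
        self.forwarded = []
        self.dropped = []

    def install(self, filt):
        if filt not in self.filters:       # new rule pushed down from the control plane
            self.filters.append(filt)

    def process(self, pkt):
        drop = False
        for filt in list(self.filters):    # snapshot: a copied packet may cause a rule install
            if not matches(filt, pkt):
                continue
            if filt.action == "copy":      # CarbonCopy: hand a copy up, keep forwarding
                self.control_plane.receive(pkt, self)
            elif filt.action == "drop":
                drop = True
            elif filt.action == "set_tos":
                pkt.tos = filt.arg
            elif filt.action == "set_vlan_prio":
                pkt.vlan_prio = filt.arg
            elif filt.action == "set_queue":
                pkt.queue = filt.arg
        (self.dropped if drop else self.forwarded).append(pkt)
        return not drop

EF_DS_BYTE = 46 << 2   # DSCP EF (46) in the upper six bits of the DS-byte = 0xB8

class DynamicClassifier:
    """Control-plane service: parses SIP/SDP copied up by the data plane and installs flow filters."""
    SDP_ADDR = re.compile(r"^c=IN IP4 (\S+)", re.M)
    SDP_AUDIO = re.compile(r"^m=audio (\d+) RTP/AVP", re.M)

    def __init__(self):
        self.installed = []

    def receive(self, pkt, fp):
        if pkt.proto != "udp" or pkt.dport != 5060:   # only SIP signalling is of interest here
            return
        addr = self.SDP_ADDR.search(pkt.payload)
        port = self.SDP_AUDIO.search(pkt.payload)
        if not (addr and port):
            return
        # The SDP offer names where the far end should send RTP: mark that flow EF in silicon.
        rtp_filter = Filter((None, None, addr.group(1), int(port.group(1)), "udp"), "set_tos", EF_DS_BYTE)
        fp.install(rtp_filter)
        self.installed.append(rtp_filter)

# Constructed SIP INVITE carrying an SDP offer (addresses and port are made up for the example).
SIP_INVITE = (
    "INVITE sip:bob@10.0.0.2 SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 10.0.0.1\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def run_demo():
    """Returns (rtp_tos, web_tos, filters installed by the service, packets forwarded)."""
    service = DynamicClassifier()
    fp = ForwardingProcessor(service)
    # Static CarbonCopy rule: any UDP packet to port 5060 is copied to the control plane.
    fp.install(Filter((None, None, None, 5060, "udp"), "copy"))
    fp.process(Packet("10.0.0.1", 5060, "10.0.0.2", 5060, "udp", payload=SIP_INVITE))
    rtp = Packet("10.0.0.2", 6000, "10.0.0.1", 49170, "udp")   # media flowing back to the offerer
    web = Packet("10.0.0.2", 40000, "10.0.0.1", 80, "tcp")     # unrelated traffic stays best effort
    fp.process(rtp)
    fp.process(web)
    return rtp.tos, web.tos, len(service.installed), len(fp.forwarded)

if __name__ == "__main__":
    print(run_demo())   # (184, 0, 1, 3)
```

Only the SIP packet ever reaches the service; the RTP packets are marked by the filter table alone, which is the property the slide is after: the data plane's behaviour changes at stream granularity without the service sitting in the packet path.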

Dynamic Classification
Without introducing software into the data path, we performed dynamic classification of flows in a silicon-based Gigabit Routing Switch:
- Introduced a new service to a Gigabit Routing Switch
- Identified real-time flows
- Performed policy-based flow behavior classification
- Adjusted the DS-byte value
- Showed that flow performance can be improved
Let open programmability and innovation build end-to-end network solutions and services.

Nortel's Openet.lab
It's an incubator for service-enabled network nodes and sample services. It provides:
- JVM-emancipated prototypes of Nortel routers
- Java APIs to MIBs
- Java APIs to forwarding planes, packet capturing
- A runtime environment for downloaded code
Open Source at

Closing remark
Back then, thrust wasn't a problem; control was. Likewise, network bandwidth isn't the problem, control is. It demands our collective efforts.
[Photo: Wright brothers, 1904]

Q&A

Appendix

Multiple points of view
[Figure: an NMS with visibility to both node A and node B]
- It is possible for node A to lose network "visibility" to node B, even though the NMS has visibility to both
- The NMS is the traditional PoV for observing the network
- Being able to move the management PoV out of the NMS and into the managed nodes would help

Mobile diagnostics
- Similar to multiple points of view
- Blocking DoS at ingress into the network is best
- Inject a mobile agent into the network at the node where the DoS is first detected
- The agent moves from node to node towards the DoS traffic source
- A bit like an immune system

Active Intrusion Detection
- The intruder is identified by intrusion detection software
- The intruder's signature is identified
- A mobile agent is dispatched in the direction of the intruder (based on the physical port of entry)
- The mobile agent "chases" and terminates the intruder (shuts down the link, reboots the host, notifies the NMS)

Diagnostic Mobile Agents
Automatic trace-route from the edge router where the problem exists:
- Each node reached generates a report to the NMS
- The trace-route code "moves" to the next node in the path
- Mobile agents identify router health
- Create logs for the NMS

Apps - Routing Relationship
- Download the Oplet Service to the router
- Monitor the router locally
- Report "events" to the App server
- Allow the Service to take action
- Download the application
- Adjust parameters based on direction from the app server
[Figure: the App Server downloads a Monitor to the router; when a Complex Condition is Exceeded the router reports back and the App Server downloads the Appropriate Application; the router grants extensive access to internal resources]

Collaboration with Applications
- New paradigm of distributed applications
- Network devices collaborating with applications
- Application-aware routing
[Figure: Routers and Switches running a JVM with Oplets, and Servers running a JVM with Apps, communicate via RMI, XML, CORBA]

Router-Server Collaboration
- Supports distributed computing applications in which network devices participate
  - router to router
  - server to router
- Supports intelligent agents
- Supports mobile agents
[Figure: Java-based applications on routers and servers]

Strong Security in the New Model
The new concept is secure for adding 3rd-party code to network devices:
- Digital signature
- Administrative "Certified Oplet"
- No access out of the JVM space
- No pointers that can do harm
- Access only to the published API
- Verifier - only correct code can be loaded
- Class loader access list
- JVM has run-time bounds, type, and execution checking
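The first, second, fifth and seventh points on this slide are decisions a loader makes before any downloaded code runs, and they can be modelled as one admission gate. The example below is added here and is not Openet code; it assumes each oplet arrives with a manifest (name, the classes it references, a digest of its code) and a signature over that manifest. HMAC-SHA256 under an administrator key stands in for the administrator's digital signature, and the published-API set, access list, class names and key are made up for the example. The JVM-level properties on the slide (no pointers, bytecode verifier, bounds and type checks) are what the runtime enforces after admission and are not modelled.

```python
"""Admission gate for third-party oplets: signature, code binding, class loader access list."""
import hashlib
import hmac
import json

# Classes the device exposes to downloaded code (hypothetical names for the example).
PUBLISHED_API = {
    "openet.mib.CounterTable",
    "openet.fwd.FilterTable",
    "openet.fwd.PacketSampler",
    "java.lang.String",
    "java.util.List",
}

# Administrator's class loader access list: the subset of the published API that this
# device lets downloaded oplets touch (here, packet sampling is withheld).
ACCESS_LIST = PUBLISHED_API - {"openet.fwd.PacketSampler"}

ADMIN_KEY = b"constructed-admin-key-for-the-example"   # constructed; never hard-code a real key

class OpletRejected(Exception):
    pass

def canonical(manifest):
    """Canonical bytes so signer and verifier hash exactly the same representation."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign_manifest(manifest, admin_key):
    # Stand-in for the administrator's digital signature that makes a "Certified Oplet".
    return hmac.new(admin_key, canonical(manifest), hashlib.sha256).hexdigest()

def admit_oplet(manifest, signature, code, admin_key, access_list=ACCESS_LIST):
    """Return the oplet name if every check passes, otherwise raise OpletRejected."""
    # 1. Signature: the manifest was certified by the administrator and not altered since.
    if not hmac.compare_digest(sign_manifest(manifest, admin_key), signature):
        raise OpletRejected("signature does not verify")
    # 2. Binding: the code actually delivered is the code the signed manifest describes.
    if hashlib.sha256(code).hexdigest() != manifest["code_digest"]:
        raise OpletRejected("code digest does not match manifest")
    # 3. Class loader access list: only the published API, and only what the admin allows.
    for cls in manifest["classes"]:
        if cls not in PUBLISHED_API:
            raise OpletRejected(f"{cls} is outside the published API")
        if cls not in access_list:
            raise OpletRejected(f"{cls} is denied by the class loader access list")
    return manifest["name"]

def make_oplet(name, classes, code, admin_key):
    """Package manifest + signature the way a certified oplet would arrive at the device."""
    manifest = {"name": name, "classes": sorted(classes),
                "code_digest": hashlib.sha256(code).hexdigest()}
    return manifest, sign_manifest(manifest, admin_key)

def outcome(manifest, signature, code):
    try:
        return "admitted:" + admit_oplet(manifest, signature, code, ADMIN_KEY)
    except OpletRejected as err:
        return "rejected:" + str(err)

def run_demo():
    """Returns the gate's decision for five constructed oplets."""
    code = b"class FlowMonitor { /* reads counters, installs filters */ }"   # constructed stand-in
    manifest, sig = make_oplet("flow-monitor",
                               ["openet.mib.CounterTable", "openet.fwd.FilterTable"], code, ADMIN_KEY)
    results = {"certified": outcome(manifest, sig, code)}
    # Code swapped after signing: the digest in the signed manifest no longer matches.
    results["tampered_code"] = outcome(manifest, sig, code + b"// patched")
    # Manifest edited after signing to claim an extra class: signature fails first.
    edited = dict(manifest, classes=manifest["classes"] + ["openet.fwd.PacketSampler"])
    results["tampered_manifest"] = outcome(edited, sig, code)
    # Properly signed, but asks for a published class the admin withholds on this device.
    m2, s2 = make_oplet("sampler", ["openet.fwd.PacketSampler"], code, ADMIN_KEY)
    results["denied_by_access_list"] = outcome(m2, s2, code)
    # Properly signed, but references a class that is not part of the published API at all.
    m3, s3 = make_oplet("raw", ["openet.internal.RawMemory"], code, ADMIN_KEY)   # hypothetical name
    results["outside_published_api"] = outcome(m3, s3, code)
    return results

if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:22} {decision}")
```

The order of the checks matters: signature first, so that nothing in an unauthenticated manifest (including its class list) is trusted before it is verified; digest second, so the signature actually covers the bytes that will be loaded; access list last, because it is policy applied to already-authenticated input.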