1 The Post-PC Era: It’s About The Services Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of.


1 1 The Post-PC Era: It’s About The Services Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA 94720-1776

2 2 Presentation Outline Heterogeneity in Devices and Networks A New Service Architecture: SAHARA Reachability as a Service New Directions Summary and Conclusions

3 3 Presentation Outline Heterogeneity in Devices and Networks A New Service Architecture: SAHARA Reachability as a Service New Directions Summary and Conclusions

4 4 The Old Days All will demand broadband Internet connectivity Shape of Things Today: Diverse Appliances and Devices Game Consoles Personal Digital Assistants Digital VCRs Communicators Smart Telephones E-Toys … and 10BaseT won’t be sufficient

5 5 Ever More Sophisticated Mobile Phones Graphical UI/Joystick control Voice dialing, voice recognition, voice recorder Integrated digital camera w/ 640 x 480 res image capture IR + Bluetooth + Phone2Phone + Phone2PC Java-support for 3rd party apps WAP + High-speed data over GSM + HSCSD + GPRS But often you need to compute! Screen. Keyboard. Storage Nokia 7650 Nokia 7600

6 6 Promise: Ubiquitous Connectivity
[Figure axes: High-tier / Low-tier; High Mobility / Low Mobility; Wide Area / Local Area]
Seamless data mobility among local and wide-area wireless networks via Mobile IP handoff
 – Two orthogonal technologies:
   » High speed data over cellular for high mobility, wide-area coverage
   » Even higher speed data over WLAN hot spots for low mobility, local area coverage

7 7 Network Services: Communications

8 8 Network Services: Access

9 9 Best Implementation Method: the Internet Programming Model Service composition across the network –Network-aware Distributed System architecture Bottlenecks near edge, not core –Service deployment points close to where used –Service implementation topology-aware Enabled by: –Computing embedded in communications fabric: distributed, wide-area, topology-aware –Emerging class of programmable network elements –Per session characterization, processing, prioritization, monitoring, management, billing

10 10 Access Networks Core Networks Internet Connectivity and Processing Transit Net Private Peering NAP Public Peering Internet Datacenter PSTN Regional Wireline Regional Voice Cell Cable Modem LAN Premises-based WLAN Premises-based Operator-based H.323 Data RAS Analog DSLAM H.323 Hot Spots PNE

11 11 Composed Applications: Universal In-box –Message type (phone, email, fax) –Access network (data, telephone, pager) –Terminal device (computer, phone, pager, fax) –User preferences & rules –Message translation & storage Separate end device and network from end-to-end communications service: indirection via composition of translators with access

12 12 Private Brand Net Operator (MVNO) Single Location Network Operator (SLN) Single Location Network Operator (SLN) Cooperative Networking Full Service Network Operator Full Service Network Operator Challenge: Single Operator vs. “Virtual” Composed Operator Premises-based Access Full Service Network Operator Single Location Network Operator (SLN) SLN Aggregator WISP Aggregator Revenue Sharing Single Sign-on Unified Billing Billing, ECommerce Authentication Inter-site Mobility VPN Operator, Client-Software

13 13 Challenge: Multiple “Operators” Coordination Issues
Top-Down vs. Bottom-Up Network Deployment
 – Operator vs. aggregator/virtual operator models
 – Neighborhood cooperative mesh networks
Security
 – Blurring of distinction between public & private networks: rogue APs
 – Interoperation among service/access providers
 – End-to-end considerations in untrusted infrastructure
 – Authorization and billing for multi-party services
Resource Management
 – Unlicensed but ignore coordination at the cost of performance
 – Radio resource planning and allocation
Service Creation and Personalization Platform
 – Intelligent edge services: service and policy management, user mobility and profiling, charging and billing
 – Deployments enabled by edge-network programmable network elements

14 14 Challenge: Agile or Fragile Networking? Baltimore Tunnel Fire, 18 July 2001 –“… The fire also damaged fiber optic cables, slowing Internet service across the country, …” –“… Keynote Systems … says the July 19 Internet slowdown was not caused by the spreading of Code Red. Rather, a train wreck in a Baltimore tunnel that knocked out a major UUNet cable caused it.” –“PSINet, Verizon, WorldCom and AboveNet were some of the bigger communications companies reporting service problems related to ‘peering,’ methods used by Internet service providers to hand traffic off to others in the Web's infrastructure. Traffic slowdowns were also seen in Seattle, Los Angeles and Atlanta, possibly resulting from re-routing around the affected backbones.” –“The fire severed two OC-192 links between Vienna, VA and New York, NY as well as an OC-48 link from, D.C. to Chicago. … Metromedia routed traffic around the fiber break, relying heavily on switching centers in Chicago, Dallas, and D.C.”

15 15 Evolution of Internet Diversity of devices and access networks –Wireless overlays provide continuum of connectivity –Increasing importance of “services” to mitigate diversity/provide new functionality and customization –Global services via managed composition –Enabled by processing embedded in the network interconnect, locally and globally Multiple service providers/admin domains –No single operator deploys the global service –But can a reliable service be deployed by multiple, uncoordinated providers? Overcoming the reliability bottlenecks

16 16 Presentation Outline Heterogeneity in Devices and Networks A New Service Architecture: SAHARA Reachability as a Service New Directions Summary and Conclusions

17 17 The SAHARA Project Service Architecture for Heterogeneous Access, Resources, and Applications

18 18 SAHARA Goals New mechanisms, techniques for end-to-end services w/ desirable, predictable, enforceable properties spanning potentially distrusting service providers Architecture for service composition and inter-operation across separate administrative domains, supporting peering and brokering, and diverse business, value-exchange, access-control models

19 19 Exploits the New Opportunities New things you can do inside the network Connecting end-points to “services” with processing embedded in the network fabric “agents” not protocols, executing inside the network Location-aware, data format aware Controlled violation of layering necessary! Distributed architecture aware of network topology No single technical architecture likely to dominate: think overlays, system of systems

20 20 Overlays: Creating New Interdomain Services
Deploy new services above the routing layer
 – E.g., interdomain multicast management and peering
 – E.g., alternative connectivity for performance, resilience
Planet-Lab
[Figure labels: Isolated Intra-cloud service; Traditional unicast peering; Administrative domain; Admin domain]

21 21 Layered Reference Model for Service Composition IP Network Enhanced Links (Intra-domain) Enhanced Paths (Inter-domain) End-to-End Network With Desirable Properties Middleware Services Applications Services End-User Applications Connectivity Plane Application Plane Service Composition Overlay Network “Links”

22 22 Presentation Outline Heterogeneity in Devices and Networks A New Service Architecture: SAHARA Reachability as a Service New Directions Summary and Conclusions

23 23 Routing as a Composed Service
Composable Interdomain Routing: BGP
 – Complex policy interactions yield non-optimal routes
 – Slow convergence to routing changes renders parts of the IP address space unreachable for tens of minutes at a time
 – Vulnerabilities to malicious attacks and unintentional mistakes
Routing as a Reachability “Service”
 – Implementing paths between composed service instances, e.g., “links” within an overlay network
 – Multi-provider environment, no centralized control
Desirable Enhanced Properties
 – Performance: controlled loss and bandwidth guarantees (OverQoS)
 – Reliability: detect reachability failure, faster convergence
 – Security: verify believability of routing advertisements

24 24 Overlay Approach for Achieving Desirable Performance: OverQoS Embed QoS functionality in Internet via Overlays –Overlay nodes implement QoS functions –No support needed from IP routers Challenges –Nodes not connected to congested points –Have no control over cross-traffic –Cannot avoid losses (reducing sending rate doesn’t help!) Why Overlays? –Previous QoS architectures not deployed globally –Overlay-model empowers third-party providers to provide some form of QoS Lakshmi Subramanian, Hari Balakrishnan, Ion Stoica

25 25 OverQoS Method Entry Node Exit Node Overlay Traffic Redundant Traffic N-TCP pipe Step 1: Aggregate Loss and Bandwidth Control Flow 2 Flow 1 Scheduler Rate Ctrl Step 2: Distribute b/w and loss among flows Lakshmi Subramanian, Hari Balakrishnan, Ion Stoica

26 26 OverQoS Method Overlay Node Overlay Node Overlay Node Flow 1 Flow 2 Flow 3 Step 3: Provide QoS guarantees (b/w, loss) to a flow “bundle” by “stitching” guarantees on overlay links Step 4: Perform QoS-routing of multiple flows with different requirements on overlay network Used successfully to support Counterstrike game Lakshmi Subramanian, Hari Balakrishnan, Ion Stoica

27 27 Agility in Response to Route Changes: Internet Converges Slowly
Convergence Times [Labovitz et al.]
 – Theory: O(n!) (n: number of ASes)
 – Practice: linear with the longest backup path length
 – Measurement: up to 15 minutes
Why so slow?
 – BGP protocol effects: path exploration
 – Route flap damping!?
   » Delay convergence of relatively stable routes
   » Unexpected interaction between flap damping and convergence
Morley Mao, Ramesh Govindan, George Varghese

28 28 Flap Damping (RFC2439)
Suppress routes that change too frequently
 – For each peer, per destination, keep penalty value, increase for each route change (aka “flap”)
 – Exponential decay
Parameters:
 – Fixed: Penalty increment
 – Configurable: half-life, suppress-, reuse-threshold, max suppressed time
[Figure: penalty vs. time, exponentially decayed, with suppress threshold and reuse threshold marked]
Morley Mao, Ramesh Govindan, George Varghese

29 29 Selective Route Flap Damping
Flaps occur due to certain topologies among routers causing triggered announcements and withdrawals
 – Not toy scenarios!
Approach: ignore flap sequences indicating path exploration—these likely to trigger more changes in near future
Redefine a flap:
 – “Any route change is considered a flap” → “must alter direction of route preference value change, relative to flaps”
 – Flaps due to withdrawal: increasing AS_Path lengths, route value keeps decreasing
Morley Mao Ph.D. dissertation (AT&T Labs)
Morley Mao, Ramesh Govindan, George Varghese

30 30 Stability achieved through flap damping [RFC2439]
BUT unexpected: flap damping delays convergence!
Topology: clique of routers
Selective flap damping
 – Duplicate suppression: ignore flaps caused by transient convergence instability
 – Eliminates undesired interaction without sacrificing stability
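
The interaction described on slides 28 to 30, as an added example that is not from the presentation or from the authors' code: a small simulator of per-peer, per-destination penalty damping, run once with "any route change is a flap" and once with a simplified reading of the selective rule (a change counts only when it reverses the direction of the previous preference change). The threshold values, the use of AS_PATH length as the preference value, and both event traces are assumptions made for illustration.

```python
import math

# Assumed settings for illustration; the slides name the parameters, not values.
PENALTY = 1000.0     # fixed penalty increment per flap
HALF_LIFE = 900.0    # configurable half-life, seconds
SUPPRESS = 2000.0    # suppress threshold
REUSE = 750.0        # reuse threshold
WITHDRAW = None      # event value meaning "route withdrawn"


def preference(as_path_len):
    """Shorter AS_PATH is better; a withdrawal is the least preferred state."""
    return -math.inf if as_path_len is WITHDRAW else -float(as_path_len)


class Damper:
    """Damping state kept for one (peer, destination) pair."""

    def __init__(self, selective=False):
        self.selective = selective
        self.penalty = 0.0
        self.clock = 0.0
        self.suppressed = False
        self.pref = None       # preference of the last route seen
        self.direction = 0     # sign of the last preference change

    def _decay(self, now):
        self.penalty *= 2.0 ** (-(now - self.clock) / HALF_LIFE)
        self.clock = now
        if self.suppressed and self.penalty < REUSE:
            self.suppressed = False

    def update(self, now, as_path_len):
        self._decay(now)
        new = preference(as_path_len)
        if self.pref is None:              # first route seen: baseline, no flap
            self.pref = new
            return
        if new == self.pref:               # duplicate update, nothing changed
            return
        direction = 1 if new > self.pref else -1
        reversal = self.direction != 0 and direction != self.direction
        self.pref, self.direction = new, direction
        if self.selective and not reversal:
            return                         # monotonic change: path exploration
        self.penalty += PENALTY
        if self.penalty >= SUPPRESS:
            self.suppressed = True

    def usable_at(self):
        """Earliest time the route may be used again (max suppressed time omitted)."""
        if not self.suppressed:
            return self.clock
        return self.clock + HALF_LIFE * math.log2(self.penalty / REUSE)


def simulate(events, selective):
    """Replay (time, AS_PATH length) events; return (suppressed, usable_at)."""
    damper = Damper(selective)
    for when, as_path_len in events:
        damper.update(when, as_path_len)
    return damper.suppressed, damper.usable_at()


# Constructed traces of (seconds, AS_PATH length or WITHDRAW) from one peer.
# One withdrawal upstream, path exploration, then the original route returns.
EXPLORATION = [(0, 2), (100, 3), (130, 4), (160, 5), (190, WITHDRAW), (250, 2)]
# A genuinely unstable route that is announced and withdrawn repeatedly.
UNSTABLE = [(0, 2), (30, WITHDRAW), (60, 2), (90, WITHDRAW), (120, 2), (150, WITHDRAW)]

if __name__ == "__main__":
    for name, trace in (("exploration", EXPLORATION), ("unstable", UNSTABLE)):
        for selective in (False, True):
            print(name, "selective" if selective else "rfc2439", simulate(trace, selective))
```

With these assumed settings the exploration trace leaves the restored route suppressed for well over half an hour under plain damping, while the selective variant accepts it immediately and still suppresses the unstable route.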

31 31 Can You Depend on Your Routes? BGP Route Verification
BGP is highly vulnerable!
 – Allows ASes to propagate invalid routes that deviate from actual Internet topology
 – Critical implications for performance and correctness
   » Misconfigured routers cause long outages
      Drop packets (“blackholes”)
      Roughly 6% of misconfigurations cause reachability problems
   » Malicious routers cause even greater damage
      Misroute or eavesdrop on traffic
      Impersonate destinations
      Collude with other nodes to make detection difficult
Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

32 32 “Listen” and “Whisper”
One approach: route verification with PKI authentication
 – Deployment has been difficult
 – Political issues with single PKI: who controls it?
Alternative: route consistency testing to detect suspicious ASes
 – Listen: “Passive” TCP-probing
   » Modified nodes watch TCP traffic to detect reachability problems
   » No modifications to BGP, incrementally deployable
   » Ineffective for detecting malicious hosts: can’t distinguish between genuine and malicious hosts
 – Whisper: Advertisements sent consistent with those received
   » Route advertisement invalid if AS-PATH does not match its propagation path (Mao: true for 8% of observed paths!)
   » Use redundant net connectivity to verify route consistency
Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

33 33 Detection Scenarios
[Figure: three scenarios, “Adversarial Router on the Regular Path”, “Isolated Adversary” and “Adversary Announcing Many Invalid Routes”, drawn with Browser, CNN, Reuters, Malicious Node and Internet nodes; outcome labels: “No detection in this case”, “Alarm”, “Alarm and Avoid”]
Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

34 34 Whisper (aka “Telephone”)
Alternative Whisper Protocols
 – Loop Whisper, (Weak/Strong) Split Whisper
 – Vary in ability to detect malicious behavior given acceptable levels of false positive rate
[Figure: two panels labelled “Route Propagation Advertisements” and “Loop Testing Advertisements”, each with Originator, Intermediary, Intermediary’ and Verifier nodes]
Lakshmi Subramanian, Ion Stoica, Volker Roth, Scott Shenker

35 35 Presentation Outline Heterogeneity in Devices and Networks A New Service Architecture: SAHARA Reachability as a Service New Directions Summary and Conclusions

36 36 The OASIS Project Overlays and Active Services for Internetworked Storage

37 37 New Opportunity: “The Computer is the Network” Emergence of Programmable Network Elements –First Gen Network Appliances, Directors –Storage Virtualizers, Intrusion Detectors, Traffic Shapers, Server Load Balancers, MIE accountants –Next Gen: Third Party Programmable beyond rules Generalized PNE programming and control model –Generalized “virtual machine” model for this class of devices –Retargetable for different underlying implementations Apps of Interest –Network Services: L7 switching, firewalls, intrusion and infected machine detection, storage virtualization, network monitoring and management, etc. –Network storage, iSCSI support –Streaming media transcoding/adaptation –Billing, accounting, stream customization for Mobile Network Edge

38 38 Proliferation of Network Appliances In-the-Network Processing: the Computer IS THE Network F5 Networks BIG-IP LoadBalancer Web server load balancer Packeteer PacketShaper Traffic monitor and shaper Ingrian i225 SSL offload appliance Network Appliance NetCache Localized content delivery platform Nortel Alteon Switched Firewall CheckPoint firewall and L7 switch Cisco IDS 4250-XL Intrusion detection system Cisco SN 5420 IP-SAN storage gateway Extreme Networks SummitPx1 L2-L7 application switch NetScreen 500 Firewall and VPN

39 39 OASIS Vision Problem –Common programming/control environment for diverse network elements to realize full power of “inside the network” services and applications Approach –Software toolkit and VM architecture for PNEs, with retargetable optimized backend for diverse appliance-specific architectures Current Focus –Network health monitoring, protocol interworking and packet translation services, iSCSI processing and performance enhancement, intrusion and worm detection and quarantining Potential Impact –Open framework for multi-platform appliances, enabling third party service development –Provable application properties and invariants; avoidance of configuration and “latest patch not installed” errors

40 40 Generic PNE Architecture Interconnection Fabric Input Ports Output Ports Buffers Tag Mem CP AP Action Processor CP Classification Processor Rules & Programs

41 41 OASIS Testbed Programmable Networking Testbed –Alteon Filter Programmable Level 7 Switches »Next generation significantly more third party programmable –2 x Enterprise Class Routers –(Many) 1U PCs In discussion –Nortel + IBM on Blade Center Storage Servers for UDCs –Cisco IOS Next Generation (ION) Programmable Packet Filters

42 42 Presentation Outline Heterogeneity in Devices and Networks A New Service Architecture: SAHARA Reachability as a Service New Directions Summary and Conclusions

43 43 SAHARA Evolve Internet architecture better supporting multi-network/multi-service provider model –Dynamic environment, many service providers & service instances –Achieve desirable properties across multiple, potentially distrusting (Internet) service providers –Exploit PlanetLab infrastructure to construct wide-area prototype Routing as a composed service –Essential for successfully connecting applications endpoints in a distributed network environment »QoS through Overlays: loss and bandwidth guarantees »Enhanced route reliability through fast convergence »Security: BGP Verification/Detection + Containment

44 44 New Service Architecture Integrated Communications and Processing Increasing diversity of interconnected devices Increasing importance of “services” to mitigate diversity/provide new functionality and customization –Refocus from performance to reliability/dependability Enabled by processing embedded in the network interconnect, locally and globally –“Active networking” is real Global services via managed composition –Role of multiple service providers and administrative domains –Separation of services from connectivity via overlays –No single operator deploys the global service –Predictable performance and end-to-end reliability

45 45 The Post-PC Era: It’s About the Services Randy H. Katz Thank You!

46 46 Any Questions?

47 47 The Post-PC Era: It’s About The Services Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA 94720-1776

48 48 Controlled-Loss Virtual Link (CLVL)
Two parameters:
 – Statistical bound on loss rate, q (<= p; typically << p)
 – Capacity, c(t), possibly time-varying
Can prove: if offered load < c(t), then loss rate < q
How is c(t) determined?
 – Given f(t) to be the redundancy factor: c(t) = b(t)(1 - f(t))
[Figure labels: CLVL; OverQoS Node control plane; Flow 1, Flow 2, Flow n; Buffer mgmt & Scheduling & Traffic regulator; Coder; Decoder; c(t), q; b(t), p(t)]

49 49 Characterizing the Internet Hierarchy from Multiple Vantage Points
Customer-Provider Relationships
 – Customer pays provider for Internet access
 – AS exports customer’s routes to all neighbors
 – AS exports provider’s routes only to its customers
Peer-to-Peer Relationships
 – Peers exchange traffic between their customers
 – Free of charge (assumption of even traffic load)
 – AS exports a peer’s routes only to its customers
Sharad Agarwal, Lakshmi Subramanian, Jennifer Rexford

50 50 These Relationships Matter!
Useful for:
 – Placement of servers for content distribution
 – Selection of new peers or providers for an AS
 – Analyzing convergence properties of BGP
 – Installing route filters to protect against misconfiguration
 – Understanding basic structure of the Internet
Knowing the AS graph is Not Enough
 – Interdomain routing is not shortest-path routing
 – Some paths not allowed (e.g., transit through a peer)
 – Local preference of paths (e.g., prefer customer path)
 – Node degree does not define the Internet hierarchy
Need to Know Relationship between AS Pairs

51 51 Underlying AS Structure
Peer-peer relationships hard to infer
 – Mislabeling P-P edge as P-C does not change valid path into invalid
 – Heuristics to detect P-P edges
Some unusual relationships
 – Siblings providing mutual transit
 – Backup relationship for failed connectivity
 – Misconfigured conventional relationships
 – Detect cases by analyzing “invalid” paths
Access to large path set is hard
 – Exploit BGP routing tables from multiple vantage points (10 public BGP tables)
[Figure labels: April 2001; 11K ASs; 24K edges; 20 AS’s; Inner Core; 129 AS’s; Outer Core; 897 AS’s; Transit Core; Regional ISPs; 971 AS’s; Customers; 8898 AS’s]
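
The export rules on slide 49 and the "invalid path" analysis on slides 50 and 51, as an added example that is not from the presentation or the authors' tooling: given a table of AS-pair relationships, it walks an AS_PATH in propagation order and reports every AS that passed a route learned from a peer or provider on to another peer or provider. The topology, the sample paths and the function names are constructed for illustration; the AS numbers come from the documentation range.

```python
# Constructed topology using documentation AS numbers; not real relationships.
# "p2c": first AS is provider of the second; "p2p": peers; "sibling": mutual transit.
EDGES = [
    ("p2p", 64496, 64497),   # two large providers peer
    ("p2c", 64496, 64500),
    ("p2c", 64497, 64501),
    ("p2p", 64500, 64501),   # two regional ISPs peer
    ("p2c", 64500, 64510),   # stub customer
    ("p2c", 64501, 64511),   # stub customer
    ("p2c", 64500, 64505),   # multi-homed customer ...
    ("p2c", 64501, 64505),   # ... with a second provider
]


def build_relationships(edges):
    """Return {(a, b): what b is to a} for every labelled AS pair."""
    rel = {}
    for kind, a, b in edges:
        if kind == "p2c":
            rel[(a, b)], rel[(b, a)] = "customer", "provider"
        else:
            rel[(a, b)] = rel[(b, a)] = "peer" if kind == "p2p" else "sibling"
    return rel


def check_path(as_path, rel):
    """Check an AS_PATH (nearest AS first, origin last) against the export rules.

    Returns a list of (asn, learned_from, exported_to) for each AS whose export
    is not allowed: a route may go to a peer or provider only if it was learned
    from a customer. Unlabelled edges show up as "unknown".
    """
    # Collapse AS_PATH prepending, then walk from the origin outwards.
    hops = [asn for i, asn in enumerate(as_path) if i == 0 or asn != as_path[i - 1]]
    hops.reverse()
    findings = []
    for prev, mid, nxt in zip(hops, hops[1:], hops[2:]):
        learned = rel.get((mid, prev), "unknown")
        exported = rel.get((mid, nxt), "unknown")
        if "sibling" in (learned, exported):
            continue                      # siblings provide mutual transit
        if learned == "customer" or exported == "customer":
            continue                      # customer routes go everywhere;
                                          # customers receive everything
        findings.append((mid, learned, exported))
    return findings


REL = build_relationships(EDGES)

# Constructed AS_PATHs as they would appear in a BGP table.
VALID_PATH = [64511, 64501, 64497, 64496, 64500, 64510]   # up, up, peer, down, down
CUSTOMER_LEAK = [64501, 64505, 64505, 64500, 64510]       # customer re-exports provider route
PEER_TRANSIT = [64497, 64496, 64500, 64501, 64511]        # transit through a peer

if __name__ == "__main__":
    for label, path in (("valid", VALID_PATH), ("leak", CUSTOMER_LEAK),
                        ("peer transit", PEER_TRANSIT)):
        print(label, check_path(path, REL))
```

Run over paths collected from several vantage points, a non-empty result marks either a mislabelled relationship or a route that a filter at the named AS should have stopped.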

52 52 Policy Management for BGP Integrate BGP with Policy Agent control plane –Improved BGP convergence through explicit fail over policies –Constrained routing for performance or trust reasons –Traffic discrimination, low quality vs. high quality connectivity or fair use issues –Load balancing outbound and inbound flows for multi-homed ASs –Sharad Agarwal’s Ph.D. thesis (Sprint ATL) AS PA

53 53 Policy Control Architecture for InterAS Routing Sharad Agarwal Tremendous growth in multi-ISP connectivity –But slow failover & weak traffic balancing –Bogus announcement & static peering problems Approach : separate policy control architecture –BGP not designed for such issues –Explicit negotiation, traffic & peering intelligence –More flexibility, control, verification Impact : media / application service providers, users –Available connectivity –Manageable congestion

54 54 Tomography-based Overlay Network Monitoring Yan Chen Given n end hosts on an overlay network and O(n^2) paths, how to select a minimal subset of paths to monitor so that the loss rates/latency of all other paths can be inferred. Approach: select a basis set of k path segments that completely describe all O(n^2) paths (k = O(n)) –Select and monitor k linearly independent paths to compute the loss rates of basis set –Infer the loss rates of all other paths Find > 97% lossy paths with < 5% false positive Overlay Network Operation Center topology End hosts

55 55 Performance Characteristics of TCP Throughput for Peer Selection in Peer-to-Peer Networks Weidong Cui Problem –How to select the optimal peer for download from a set of candidates Approach –Evaluate performance of various probing techniques: RTT-based, size-based, time-based –Investigate the relationship between probing parameters and various download file sizes Impact –Improve the performance of p2p networks

56 56 Underlay Optical Networks Tal Lavian Problem –Radical mismatch between the optical transmission world and the electrical forwarding/routing world. Currently, a single strand of optical fiber can transmit more bandwidth than the entire Internet core. –Mismatch between L3 core capabilities and disk cost. With $2M disks (2PB) can fill the entire core internet for a year Approach –Service architecture interacts with the optical control, provides applications a dedicated, on-demand, point-to-point optical link that is not on the public Internet Current Focus –Grid Computing, OGSA, MEMs, 10GE, Optical technologies –OmniNet testbed in Chicago, which will be connected to major national and international optical networks Potential Impact –Enabling technology for Data-Intensive applications (multi Terabytes)

57 57 Estimating Shared Congestion Among Internet Paths Sridhar Machiraju Problem –Given two paths in the Internet, estimate the fraction of packet drops at shared points of congestion (PoCs) using probe flows along the paths Approach –Count correlated (simultaneous) packet drops of two probe flows (UDP or TCP) –“Inflate” the fraction using delay jitter correlation Applications using path diversity e.g., multimedia streaming, parallel downloads, etc.

58 58 Routing Dynamics in Simultaneous Overlay Networks Mukund Seshadri Problem: When is “greedy” overlay-level route selection unstable/inefficient, when multiple such overlay networks interact? Motivation: why will many overlay networks be deployed? –Due to pure Overlay Network protocols (RON[3], Detour[4], ESM[5]) –Due to deployment of overlay primitives (“Path reflection”, i3-arch.) Model and Focus: Overlays make independent decisions; no info. shared. –Size: 50-100 overlay networks; 10-100 nodes each. –App: Multimedia streams, long-lived, need bandwidth level + stability Impact: simple design principles to ease deployment of multiple overlay networks –Randomization of route selection improves stability and loss-rates. »With high path sharing, variation in link b/w, loaded links, low cross-traffic. –Random-subset method improves stability even more, with comparable loss-rate, and lower measurement overhead.

