Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)"— Presentation transcript:

1 CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)

2 istoica@cs.berkeley.edu2 Motivations  Changes in the network happen very slowly  Why? -Network services are end-to-end At the limit, a service has to be supported by all routers along the path Chicken-and-egg problem: if there aren’t enough routers supporting the service, end-hosts won’t benefit -Internet network is a shared infrastructure Need to achieve consensus (IETF)

3 istoica@cs.berkeley.edu3 Motivations  Proposed changes that haven’t happened yet: -Support for congestion control (RED ‘93) -IP security (IPSEC ‘93) -More addresses (IPv6 ‘91) -Multicast (IP multicast ‘90)

4 istoica@cs.berkeley.edu4 Goals  Make it easy to deploy new functionalities in the network  accelerate the pace of innovation  Allow users to customize their services

5 istoica@cs.berkeley.edu5 Solution  Active networks (D. Tannenhouse and D. Wetherall ’96): -Routers can download and execute remote code -At extreme, allow each user to control its packets User 2: Multicast User 1: RED

6 istoica@cs.berkeley.edu6 An Active Node Toolkit: ANTS  Add active nodes to infrastructure IP routersActive nodes

7 istoica@cs.berkeley.edu7 Active Nodes  Provide environment for running service code -Soft-storage, routing, packet manipulation  Ensure safety -Protect state at node; enforce packet invariants  Manage local resources -Bound code runtimes and other resource consumptions

8 istoica@cs.berkeley.edu8 Where Is the Code?  Packets carry the code -Maximum flexibility -High overhead  Packets carry reference to the code -Reference is based on the code fingerprint: MD5 (128 bits) -Advantages: Efficient: MD5 is quick to compute Prevents code spoofing: verify without trust packet code packet code reference

9 istoica@cs.berkeley.edu9 Code Distribution  End-systems pre-load code  Active nodes load code on demand and then cache it previous node loading node request time packet code responses packet

10 istoica@cs.berkeley.edu10 Lesson Learned  Applications  Performance  Security and resource management

11 istoica@cs.berkeley.edu11 Applications  Well-suited to implement protocol variations  But, not to enforce global policies and resource control (e.g., fire-walls and QoS) -Need a central authority to implement these functionalities  Application examples: auctions, reliable multicast, mobility,…

12 istoica@cs.berkeley.edu12 Performances  ANTS implemented in Java  In common case little overhead: -Extra steps over IP (classification, safe eval) run very fast  Enough cycles to run simple programs -e.g. 1GHz, 1Gbps, 1000b, 100%  1000 cycles; 10%  10000 cycles

13 istoica@cs.berkeley.edu13 Security and Resource Mgmt.  Untrusted users  need to isolate their actions  Protection: make sure that one program does not corrupt other program -Node level protection -Network level protection

14 istoica@cs.berkeley.edu14 Node Level Protection  Relatively easy to solve -Allocate resources among users and control their usage Fair Queueing, per-flow buffer allocation -Use light weight mechanisms: sand-box, safe-type languages, Proof Carrying Code (PCC): PCC can also provide timeliness guarantees e.g., can demonstrate that an operation cannot take more time/space than predifined constants  Note: fundamental trade-off between protection and flexibility -Example: if a node uses FQ to provide bandwidth protection, it will constrain the delays experienced by a user

15 istoica@cs.berkeley.edu15 Network Level Protection  More difficult to achieve  Challenge: enforce global behavior of a program only with local checks and control  Main problem: programs very flexible. Active nodes can: -Affect routing behavior (e.g., mobile IP) -Generate new packets (e.g. multicast)

16 istoica@cs.berkeley.edu16 Examples  Loops as a result of changes in routing behavior  Resource wastage as a result of misbehaving multicast programs -Multicast height k, a node can generate up to m copies  total number of packets can be O(m k ) !  Local solutions not enough -TTL too weak; unaware about topology -Fair Queueing offers only local protection

17 istoica@cs.berkeley.edu17 Solution  Program certification by a central authority  Limitations: -Slows innovation, but still better than what we have today -Dealing with a misbehaving node still remains difficult

18 istoica@cs.berkeley.edu18 Restricting Active Networks  Allow only administrators, or privileged users to inject code -Router plugins, active bridge  Restrict affecting only the control plane  increase network manageability -SmartPackets -Netscript

19 istoica@cs.berkeley.edu19 Active Networks vs. Overlay Networks  Key difference: -Active nodes operate at the network layer; overlay nodes operate at the application layer  Active Networks advantages: -Efficiency: no need to tunnel packets; no need to process packets at layers other than the network layer  Overlay Network advantages: -Easier to deploy: no need to integrate overlay nodes in the network infrastructure Active nodes have to collaborated (be trusted) by the other routers in the same AS (they need to exchange routing info)

20 istoica@cs.berkeley.edu20 Conclusions  Active networks -A revolutionary paradigm -Explores a significant region of the networking architecture design space  But, is the network layer the right level to deploy it? -Maybe, but only if all (congested) routers are active… -Otherwise, overlays might be good enough…

Download ppt "CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)"

Similar presentations

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.

IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.
Page 1 / 14 The Mesh Comparison PLANET’s Layer 3 MAP products v.s. 3 rd ’s Layer 2 Mesh.

Page 1 / 14 The Mesh Comparison PLANET’s Layer 3 MAP products v.s. 3 rd ’s Layer 2 Mesh.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
1 Improving the Performance of Distributed Applications Using Active Networks Mohamed M. Hefeeda 4/28/1999.

1 Improving the Performance of Distributed Applications Using Active Networks Mohamed M. Hefeeda 4/28/1999.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
15-441: Computer Networking Lecture 26: Networking Future.

15-441: Computer Networking Lecture 26: Networking Future.
CS 268: Lecture 5 (Project Suggestions) Ion Stoica February 6, 2002.

CS 268: Lecture 5 (Project Suggestions) Ion Stoica February 6, 2002.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.
15-744: Computer Networking L-6 Routing Issues. L -6; 2-26-02© Srinivasan Seshan, 20022 New Routing Ideas Border Gateway Protocol (BGP) cont. Overlay.

15-744: Computer Networking L-6 Routing Issues. L -6; © Srinivasan Seshan, New Routing Ideas Border Gateway Protocol (BGP) cont. Overlay.
1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah.

1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah.
CS 268: Future Internet Architectures Ion Stoica May 1, 2006.

CS 268: Future Internet Architectures Ion Stoica May 1, 2006.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
IPv6 and Overlays EE122 Introduction to Communication Networks Discussion Section.

IPv6 and Overlays EE122 Introduction to Communication Networks Discussion Section.
Capsule-based Active Networks: What have we learned? David Wetherall University of Washington.

Capsule-based Active Networks: What have we learned? David Wetherall University of Washington.
1 Future Internet Architectures: Toward an Architecture-Agnostic Architecture Jennifer Rexford Princeton University

1 Future Internet Architectures: Toward an Architecture-Agnostic Architecture Jennifer Rexford Princeton University
CS 268: Active Networks & Overlay Networks

CS 268: Active Networks & Overlay Networks
CS 268: Project Suggestions Ion Stoica February 6, 2003.

CS 268: Project Suggestions Ion Stoica February 6, 2003.

Similar presentations

Ads by Google