Slide 1: The Darwin Router Control Interface
Peter A. Steenkiste, CMCL, CMU
Peter Steenkiste, Jun Gao, Prashant Chandra, Eduardo Takahashi
Computer Science Department and Department of Electrical and Computer Engineering, Carnegie Mellon University
OPENSIG '99, Carnegie Mellon University, October 1999

Slide 2: Outline
• Motivation
• Router Control Interface
• Security and safety
• Conclusion

Slide 3: Motivation
• Open up the network: have a larger community develop services and applications for networks
  » Not just vendor software
  » Imagine a PC on which you can only run vendor software
• Advanced services and applications need customized, runtime resource management support
  » Quality of execution depends on how resources are managed
  » Example: Corba + QoS (QuO) at BBN
• Network management and control applications
  » Support flexible QoS policies, monitoring tools, etc.
  » Convenient and fast software deployment and upgrading
  » Example: virtual private network service

Slide 4: Example: A Virtual Private Network Service
[Figure: VPN topology with nodes A through G spanning hosts at ISI, UCL, CMU, DARPA, MIT, UCLA, LBL and PARC]
• Hierarchical scheduler manages VPN resources
• Delegates support customized control protocols
VPN team: Keng Lim, Jun Gao, Eugene Ng, Hui Zhang, Peter Steenkiste

Slide 5: Virtual Mesh: Resources + Control

Slide 6: Darwin Node Architecture
[Figure: Darwin node architecture. Components shown: Route Lookup, Classifier + Scheduler, Classifier + Action, Local Resource Manager, Beagle, Control Delegates, Routing and the Router Control Interface; external entities: Client, Beagle, Other Routing Entities, Applications, Other Delegates]

Slide 7: Router Control Interface (RCI)
• RCI operates on a flow-based network model
  » Flows are the basic data type: RCI is an instruction set that operates on flows
  » A flow is defined using IP and transport layer header fields
• Four categories of functions
  » Collecting information
    – Bandwidth usage, monitor queue length, etc.
  » Local resource management actions
    – Set QoS parameters, selectively drop packets, etc.
  » Flow redirection
    – Tunneling, flow redirecting to delegate, route changes, etc.
  » Inter-delegate communication
    – Allow delegates to interact with peers and endpoints

Slide 8: Darwin Delegate Implementation
• Implemented as Java code segments
  » Also more restricted support for C delegates
• Delegate runtime environment based on a Java Virtual Machine
  » RCI is implemented as a set of C native methods
  » Use Java sandboxing for basic safety support
• Delegates can be dynamically installed by the Beagle signaling protocol
  » Client specifies the delegates as part of the mesh
  » Beagle carries delegate bytecode to routers
  » Verifies, instantiates and initializes delegates

Slide 9: A Hierarchical Network Model
• Hierarchical resource management in support of service hierarchies
  » Translates into a hierarchy of meshes
  » Representation on a router is a resource tree
  » Realized using the Hierarchical Fair Service Curve Scheduler (HFSC)
• Delegates are associated with nodes in the resource tree
  » Scheduler provides isolation of network resources (data plane)
  » Delegates provide isolation of resource management and control (control plane)
[Figure: Control Delegates attached to nodes of the Hierarchical Resource Tree: Link > Org 1, Org 2 > App 1 > Flow 1]

Slide 10: Delegate Examples
• Selective packet dropping for MPEG video streams
  » Monitoring, selective dropping
• Dynamic control of MJPEG video encoding
  » Monitoring, control/data delegate coordination
• Selective dropping of non-adaptive flows
  » Monitoring, selective dropping, inter-delegate communication
• Load-sensitive flow redirecting
  » Monitoring, inter-delegate communication
• On-going projects
  » QoS virtual private networks, active monitoring, etc.

Slide 11: Comparison with Related Projects
• Active Nets node architecture (Peterson)
  » The delegate runtime environment can be viewed as an execution environment that handles “control” packets
  » “Data” packets follow the “cut through” path
  » Which path a packet takes through the router is controlled through a general classifier on the input port
• Pronto (Hjalmtysson)
  » It has a similar architecture but a stronger coupling between data and control plane
  » Darwin hierarchy provides more structure
• Active signaling (Braden)
  » Also control and data plane separation, but a single network-wide control
  » Focus on controlling versions instead of customization

Slide 12: Security and Safety: Where is the Problem?
• Everywhere!
  » Harm the base router or other users (crash, corrupt, ..)
  » Allocate or use other users’ resources
  » Affect the treatment of other users’ traffic
• Our focus is on traffic management related threats
  » Other groups are addressing some of the other issues
    – E.g., allocation of CPU time, efficient safety mechanisms, ..
• Address the problem piece-wise by looking at an increasingly more powerful delegate
  » Delegates perform only local actions
  » Delegates can also perform global actions
  » Delegates can create peers and delegate responsibility

Slide 13: Local Actions Only
• Beagle creates all delegates and sets up all permissions
• Delegates can modify flow definitions and resource allocations
  » Modify flow weights, ..
  » Control over an output port (roughly)
• Probably useful to have different levels of permission:
  » monitor traffic only
  » modify weights
  » change structure of the tree
  » peek at contents of packets
[Figure: Darwin node architecture: Classifier + Scheduler, Local Resource Manager, Beagle, Control Delegates, Routing, Router Control Interface, Classifier + Action]

Slide 14: Local Actions Only: Possible Solutions
• Leverage the hierarchical resource management abstraction
• Beagle must verify that the client can add a node and associated delegate
  » Check with owner of the parent
• Runtime checking for every delegate RCI call
  » Is the call allowed on this resource?
  » Does the flow filter only match traffic that is controlled by this delegate?
• Usual runtime versus install time verification tradeoff
  » Fewer runtime checks for trusted code
[Figure: Control Delegates attached to nodes of the Hierarchical Resource Tree: Link > Org 1, Org 2 > App 1 > Flow 1]

Slide 15: Global Actions
• Beagle creates all delegates and sets up all permissions
• Delegates can redirect flows
  » Example: routing delegates in a VPN service application
  » Affects what parts of the network are used: RCI is used for distributed programming
  » Changes input port functions
• How to implement?
  » Tunneling seems manageable
  » Routing is more difficult!
    – How many routing tables?
    – How do you control and verify changes to a shared routing table?
    – What is the right model?
[Figure: Darwin node architecture: Classifier + Scheduler, Local Resource Manager, Beagle, Control Delegates, Routing, Router Control Interface, Classifier + Action]

Slide 16: Global Actions: Possible Solutions
• Restrict delegate actions to stay inside the mesh
  » Only affect traffic and only use links that are part of the mesh
  » Delegate has choice of outgoing link and path
• Demonstrated this capability for the VPN services application
  » Use multiple routing daemons and forwarding tables
  » View of each routing daemon is restricted to its mesh
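The checks that slides 13, 14 and 16 ask for (a permission level per delegate, "is the call allowed on this resource?", "does the flow filter only match traffic controlled by this delegate?", and "only use links that are part of the mesh") can be written down as one reference monitor that sits in front of every RCI call. The following is an added example, not Darwin's code: the permission names, the REQUIRED_PERM table, the FlowFilter, ResourceNode, Delegate and Mesh classes, and the TEST-NET addresses in the scenario are all constructed assumptions chosen to show how the four checks compose.

```python
"""Constructed model of the RCI guard checks from slides 13, 14 and 16.

Not Darwin code: permission names, the REQUIRED_PERM table and the
FlowFilter/ResourceNode/Delegate/Mesh classes are illustrative assumptions.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Optional, Tuple

# Permission levels listed on slide 13 (the string names are assumed).
MONITOR, MODIFY_WEIGHTS, CHANGE_TREE, PEEK_PACKETS = (
    "monitor", "modify_weights", "change_tree", "peek_packets")

# Permission each RCI operation needs (operation names and mapping are assumed).
REQUIRED_PERM = {
    "get_bandwidth_usage": MONITOR,
    "set_weight": MODIFY_WEIGHTS,
    "add_child": CHANGE_TREE,
    "read_payload": PEEK_PACKETS,
    "redirect_flow": MODIFY_WEIGHTS,  # global action: also checked against the mesh
}


@dataclass(frozen=True)
class FlowFilter:
    """Flow spec over IP and transport header fields (slide 7)."""
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[int]          # None matches any protocol
    dst_ports: Tuple[int, int]    # inclusive range

    def within(self, other: "FlowFilter") -> bool:
        """True iff every packet this filter matches is also matched by `other`."""
        return (self.src.subnet_of(other.src)
                and self.dst.subnet_of(other.dst)
                and (other.proto is None or self.proto == other.proto)
                and other.dst_ports[0] <= self.dst_ports[0]
                and self.dst_ports[1] <= other.dst_ports[1])


@dataclass
class ResourceNode:
    """Node of the hierarchical resource tree (Link > Org > App > Flow)."""
    name: str
    owner: str
    flows: FlowFilter                 # traffic this node (and its subtree) controls
    parent: Optional["ResourceNode"] = None

    def contains(self, node: "ResourceNode") -> bool:
        """True iff `node` is this node or lies in its subtree."""
        while node is not None:
            if node is self:
                return True
            node = node.parent
        return False


@dataclass
class Delegate:
    name: str
    node: ResourceNode       # resource-tree node the delegate is attached to
    perms: frozenset         # permission levels granted by Beagle at install time


@dataclass
class Mesh:
    links: frozenset         # link ids that belong to this mesh (slide 16)


def beagle_can_add_node(client: str, parent: ResourceNode) -> bool:
    """Install-time check (slide 14): only the parent's owner may add a child."""
    return client == parent.owner


def check_rci_call(delegate: Delegate, op: str, target: ResourceNode,
                   flow: FlowFilter, mesh: Optional[Mesh] = None,
                   out_link: Optional[str] = None) -> Optional[str]:
    """Per-call runtime check (slide 14). Returns None if allowed, else the reason."""
    perm = REQUIRED_PERM.get(op)
    if perm is None:
        return f"unknown RCI operation {op!r}"
    if perm not in delegate.perms:                      # permission level (slide 13)
        return f"{op} needs permission {perm!r}"
    if not delegate.node.contains(target):              # call allowed on this resource?
        return f"{target.name} is outside the subtree of {delegate.node.name}"
    if not flow.within(delegate.node.flows):            # filter confined to own traffic?
        return "flow filter matches traffic not controlled by this delegate"
    if op == "redirect_flow" and (mesh is None or out_link not in mesh.links):
        return f"link {out_link!r} is not part of the mesh"   # stay inside the mesh
    return None


def run_scenario() -> dict:
    """Constructed tree, delegate and calls; returns the guard's verdict for each call."""
    anywhere = ip_network("0.0.0.0/0")
    link = ResourceNode("Link", "isp", FlowFilter(anywhere, anywhere, None, (0, 65535)))
    org1 = ResourceNode("Org 1", "org1-admin",
                        FlowFilter(ip_network("192.0.2.0/24"), anywhere, None, (0, 65535)), link)
    app1 = ResourceNode("App 1", "org1-video",
                        FlowFilter(ip_network("192.0.2.0/24"), anywhere, 17, (5000, 5100)), org1)
    video = Delegate("mpeg-dropper", app1, frozenset({MONITOR, MODIFY_WEIGHTS}))
    mesh = Mesh(frozenset({"link-a", "link-b"}))
    own = FlowFilter(ip_network("192.0.2.16/28"), anywhere, 17, (5004, 5004))
    wide = FlowFilter(ip_network("192.0.2.16/28"), anywhere, None, (5004, 5004))  # any proto
    return {
        "set_weight_own": check_rci_call(video, "set_weight", app1, own),
        "set_weight_parent": check_rci_call(video, "set_weight", org1, own),
        "peek_denied": check_rci_call(video, "read_payload", app1, own),
        "flow_escape": check_rci_call(video, "set_weight", app1, wide),
        "redirect_in_mesh": check_rci_call(video, "redirect_flow", app1, own, mesh, "link-b"),
        "redirect_out": check_rci_call(video, "redirect_flow", app1, own, mesh, "link-z"),
        "add_by_owner": beagle_can_add_node("org1-admin", org1),
        "add_by_child_owner": beagle_can_add_node("org1-video", org1),
    }


if __name__ == "__main__":
    for call, verdict in run_scenario().items():
        print(call, "->", "allowed" if verdict is None else verdict)
```

The order of the checks matters for the threat model on slide 12: the subtree test stops a delegate from touching an ancestor's or sibling's resources, the flow-containment test stops it from steering traffic it does not own even when the target node is its own (the `wide` filter drops the protocol constraint and is rejected for exactly that reason), and the mesh test confines the one global action to links the mesh was granted. In a deployment that trusts some delegates more than others, the slide 14 runtime-versus-install-time tradeoff would be expressed by skipping `check_rci_call` for code Beagle has already verified.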

Slide 17: Delegation
• Beagle is no longer the only manager of delegates or delegate permissions
  » It is “only” the signaling protocol for the root node
• Delegates for interior nodes can also manage delegates and their permissions
  » Delegate authority, create peers or delegates for children, ..
• Example: A VPN-specific signaling protocol creates delegates
• Solution will have to combine local protection with “space” or mesh aspect
[Figure: Control Delegates attached to nodes of the Hierarchical Resource Tree: Link > Org 1, Org 2 > App 1 > Flow 1]

Slide 18: Conclusion
• Darwin delegates support the development of customized network control protocols
  » Use the RCI to affect the data forwarding path
• Key question: what router functions do you want to be able to “delegate” (securely)?
  » Resource management and QoS?
  » Routing?
  » Signaling and delegate management?
  » Desired degree of customization depends on user
  » Security becomes harder as you expand the scope
• Version 1.0 of Darwin is available
  » http://www.cs.cmu.edu/~darwin
  » Includes the HFSC scheduler, Beagle, and the delegate runtime environment

