Presentation is loading. Please wait.

Presentation is loading. Please wait.

FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China.

Published bySarah Shepherd Modified over 10 years ago

Similar presentations

Presentation on theme: "FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China."— Presentation transcript:

1 FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China

2 Outline FI Research Overview in China –Domestic FI related Projects –International Collaborations Some FI Research in Tsinghua Univ. –OpenFlow Extension (Openflow+) for Intra-AS Source Address Validation –NDN Audio Conference Tool (Collabrating with PARC/UCLA), to see SIGCOMM11 ICN WS paper Caching, test-bed, Router, Gateway…..

3 Internet Development in China The largest Internet population in the world –2011 July: 485 million Internet users in China –Still growing fast (only 36.2 % of population) The largest Service Providers in the world –China Telecom (largest ISP) –China Mobile (616 million users) –China Unicom Giant Internet Venders –Huawei, ZTE,… Would like to try new tech –IPv6, 3G (TD, W, 2000)

4 Domestic FI-related Projects In the 11 th 5-years Plan Period (2006-2010) –MOST Trustworthy Internet IPv6 Source Address Vadldation Architecure (SAVA) Trustworthy ID based on SAVA Trustworthy Application Deployed in 100 univ campus network as testbed –MOST NGB Deployed in Shanghai region –CNGI IPv4/IPv6 Transiditon, ….. Largest test-bed –Smaller NSFC Projects –Mobile/Wireless 3G, 4G

5 Domestic FI-related Projects In the 12 th 5-year Plan Period (2011-2015) –MOST Triple-Play Network –MOST Future Internet (Planning) New Network Architecture New Network Equipment Testbed –CENI infrastructure (Planning) GENI-like –CNGI new phase (Planning) Mainly IPv6, and some FI –NSFC/973 New Network Architecture (CFP)

6 International Collaboration with the USA –GENI/Openflow CERNET signed MOU with GENI and Stanford for IPv6 Openflow, Source Address Validation CANS to collaborate on Openflow Research/Testbed –NDN collaboration Tsinghua Univ., CAS ICT, Huawei…. with the Europe –Onelab, other FP7 projects involvements with CJK –CJK projects on Network Security/FI –AsiaFI

7 Some FI Research in Tsinghua University

8 OpenFlow Extension (Openflow+) for Intra-AS Source Address Validation Tsinghua University, China

9 Source Address Validation (SAV) Why SAV The current Internet Architecture: packet forwarding is only based on destination address SAV will be good for: anti-spoofing/network security network management/traceback network measurement network accounting/billing Why SAV is tough beyond the first hop Asymmetric Routing, Equal Cost Multiple Path. uRPF only make decision based on local FIB What we proposed for Intra-AS SAV –CPF (Calculation based forwarding)

10 Intra-AS Source Address Validation –A central control model that a Calculated Path Forwarding (CPF) controller collects the forwarding information of every router in an AS, and calculates all possible forwarding paths for every source address, and then issues filter rules (the result of the calculation) to the routers to verify the source address of packets.

11 CPF in Current Network Architecture –SNMP Polling forwarding information, interface information and subnet information from MIB for generating a global forwarding path. –xFlow Sample packets through xFlow (NetFlow/sFlow) for validating source address of sampling packets. –Telnet To log on the router and configure the ACL calculated by CPF.

12 Limitations of CPF in the current Internet Architecure The network device is not open and the interface is not standardized: -The ACL structure is not standardized, so we have to design for different vendors -The routing table/forwarding table are not open for modification from outside the router. -The communication between CPF controller and device is in-efficient -May cause false-negative when topology changes (because the routing table changes can not be reported to CPF in real-time) -Telnet scripts can not be smart enough -

13 What OpenFlow bring to us OpenFlow enables network innovation, by: - FlowTable and OpenFlow protocol between controller and device implment the standardization and open access of network device. - User-defined new technology can be easily added to the controller as new components. - The centralized mode in OpenFlow makes some functions based on global information possible.

14 What OpenFlow bring to us Flow Table Device Hardware OpenFlow ProtocolControl Protocol Hardware to OpenFlow Open and standard forwarding hardware Open and standard control interface Open and standard new protocol deployment

15 CPF and Openflow Central control architecture of OpenFlow matches CPF, which requires global information of an AS Using OpenFlow protocol to unify three protocols (SNMP, xFlow and Telnet) for communication between CPF controller and network device Efficient control from outside the network device

16 Challenges of Current OpenFlow To adapt all future protocols and different vendors, needs to make flow table more open If a new innovation is mature enough, needs to implemented the controller inside the device, to improve the efficiency It is hard to pre-define all the communication requirements between the controller and device, needs to make the openflow protocol more open Needs to run openflow in todays router, it will make deployment low-cost and deployable

17 Openflow+ Openflow+ is an extension to the fundamental architecture of OpenFlow to make it more open, efficient, and low-cost: - 1: Flow Table Extension - 2: Distribution Mode Extension - 3: Openflow Protocol Extension - 4: Low-cost Openflow for todays router (OpenRouter)

18 Extension 1: Flow Table Extension Flow Table Mand atory Optio nal Vendor- defined Device Hardware OpenFlow ProtocolControl Protocol Hardware to OpenFlow

19 Extension 2: Distribution Mode Extension Flow Table Device Hardware OpenFlow ProtocolControl Protocol Flow Table Hardware to OpenFlowProtocol to OpenFlowProtocol to Protocol

20 Extension 3: Openflow Protocol Extension In TLV format, each piece of data is organized by the triple of (Type, Length, Value) TLV can be used or arranged recursively TLV Type (Fixed length) TLV Length (Fixed length) TLV Value (TLV Length length)

21 Extension 4: Low-cost Openflow for todays router (OpenRouter) OpenFlow + in a commercial router DCRS 5980/5950, DigitalChina Company, RoutingSwitch

22 Extension 4: Low-cost Openflow for todays router

23 Architecture of CPF based on OpenFlow+ OpenRouter NOX CPF APP OpenFlow +

24 CPF Controller OR AOR B OR DOR COR E OR F OR G OR OpenRouter Filtering Rule Generator Validation Module Rule Adaptor NOX OpenFlow CPF APP Network State Processor Sharing Memory Socket Sampling Packet Processor

25 The Testbed of CPF based on OpenFlow +

26 Thanks!

Download ppt "FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China."

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
IPv6 and CNGI in China Jianping WU July 6, 2004. Contents What is the next generation Internet we needed IPv6 and its development CERNET update Next Generation.

IPv6 and CNGI in China Jianping WU July 6, Contents What is the next generation Internet we needed IPv6 and its development CERNET update Next Generation.
1 IPv6 Development in China Xing Li 2003-10-31. 2 Outline l A brief history l Experience l CNGI project l CERNET2 design.

1 IPv6 Development in China Xing Li Outline l A brief history l Experience l CNGI project l CERNET2 design.
Asia FI Workshop on Fundamental Issues of Future Internet rkshop/main.htm Date: October 26, 2008 Venue: HuangHai.

Asia FI Workshop on Fundamental Issues of Future Internet rkshop/main.htm Date: October 26, 2008 Venue: HuangHai.
1 OpenFlow + : Extension for OpenFlow and its Implementation Hongyu Hu, Jun Bi, Tao Feng, You Wang, Pingping Lin Tsinghua University 2011-08-12.

1 OpenFlow + : Extension for OpenFlow and its Implementation Hongyu Hu, Jun Bi, Tao Feng, You Wang, Pingping Lin Tsinghua University
Wireless Testbed in Tsinghua University Fenghua Li Network Research Center of Tsinghua University AsianFI 2008.

Wireless Testbed in Tsinghua University Fenghua Li Network Research Center of Tsinghua University AsianFI 2008.
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
OpenFlow and Software Defined Networks. Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defined Networks.

OpenFlow and Software Defined Networks. Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defined Networks.
Floating Cloud Tiered Internet Architecture Current: Rochester Institute of Technology, Rensselaer Polytechnic Institute, University of Nevada, Reno Level.

Floating Cloud Tiered Internet Architecture Current: Rochester Institute of Technology, Rensselaer Polytechnic Institute, University of Nevada, Reno Level.
IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
IPv6 Routing.

IPv6 Routing.
CNGI: China Next Generation Internet Jianping WU CERNET and Tsinghua Univ. Nov. 30, 2004.

CNGI: China Next Generation Internet Jianping WU CERNET and Tsinghua Univ. Nov. 30, 2004.
1 IU Campus GENI/Openflow Experience Matt Davy Quilt Meeting, July 22nd 2010.

1 IU Campus GENI/Openflow Experience Matt Davy Quilt Meeting, July 22nd 2010.
IPv6 Source Address Validation and IETF Efforts Jun Bi CERNET/Tsinghua University APAN 26 August, 2008.

IPv6 Source Address Validation and IETF Efforts Jun Bi CERNET/Tsinghua University APAN 26 August, 2008.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

Similar presentations

Ads by Google