
Adaptive End-to-End QoS Guarantees in IP Networks using an Active Network Approach


  1. Adaptive End-to-End QoS Guarantees in IP Networks using an Active Network Approach
     Roman Pletka, IBM Research, Zurich Research Laboratory, Switzerland
     Burkhard Stiller, University of Federal Armed Forces Munich, Germany and Computer Engineering and Networks Laboratory (TIK), ETH Zürich, Switzerland
     IBM Zurich Research Laboratory

  2. Agenda
     • Introduction
     • The abstract node model
     • Active networking framework
     • Overview of security risks
     • The hierarchical safety levels
     • Example Applications
     • E2E services with RSVP signaling and active packets
     • Conclusion

  3. Introduction
     • Why is QoS rarely used today?
       - ISPs use massive over-provisioning.
       - Huge variety in existing QoS architectures (Intserv, Diffserv, ST2+, QoS classes in GPRS).
       - No end-to-end support for service guarantees in heterogeneous IP networks (are users willing to pay for unpredictable service?).
       - Increasing variety in QoS-provisioning mechanisms (e.g., policers, schedulers, AQM schemes) => need for QoS translation services.

  4. Building E2E services
     [Figure: an end-to-end service between Sender and Receiver; labels: End-to-end Service, Service Description, SLA, Networking Parameters, SLS.]

  5. Node Model for QoS Provisioning in a Proactive Environment
     [Figure: node model with an Application Plane, a Proactive QoS Plane and a Networking Plane alongside the Active Security Hierarchy (levels 0 to 5); labels: E2E Flow Control, Absolute and Relative QoS Description, Domain Policies, Congestion Control in Routers, Buffer Management, Active Packets, Intserv, RSVP & Schedulers, Diffserv.]

  6. Functional Description
     • Discovery process
       - Leads to initial behavior bounds that specify upper bounds for available resources.
       - Within the network, not from hosts.
     • Resource Management
       - Comprises the task of maintaining information on the actual status of resource availability.
       - Example: maximum available bandwidth per traffic class, policies, resources related to the neighborhood, and router services.
     • Feedback Control
       - Instantaneous traffic characteristics can deviate from QoS reservation.
     • Translation phase
       - Translation of QoS parameters using active code provided by either the network administrator or the application itself.
       - No simple one-to-one mapping => active code. Surjective code translation is obtained by projection onto the new QoS space, whereas injective code translation needs additional information based on default mappings and/or educated guess methods.

  7. Security Risks in Active Networks
     • Byte-code language
       - Byte-code provides architectural neutrality and intrinsic safety properties [SNAP].
       - Common operations can be represented with a single byte-code, which leads to high code compactness.
       - Specific characteristics of the underlying architecture are hidden.
     • Resource bound
       - Divides networking resources into a two-dimensional vector (local and network part).
       - Limitation of bandwidth, CPU, and memory usage in nodes.
       - Enables efficient charging of active packets at the network edge.
       - Presence of code and data in the same packet does not compromise security.
     • Safety levels
       - Monitoring control plane activities.
       - Handling of active networking packets is split into 6 security levels.
     • Sandbox environment
       - Safe execution environment: Active Networking Sandbox (ANSB).
       - Information exchange in nodes only feasible using router services.
       - JIT-compiler (SNAP -> Network Processor Picocode).

  8. AN Safety Hierarchy
     • Safety level 5: dynamic router services (registering new router services). Authentication of active packets needed using a public key infrastructure.
     • Safety level 4: complex policy insertion and manipulation. Admission control at the edge of the network, trusted within a domain.
     • Safety level 3: simple policy modification and manipulation. Running in a sandbox environment, limited by predefined rules and installed router services.
     • Safety level 2: creation of new packets and resource-intensive router services (e.g., lookups). Sandbox environment based on the knowledge of the instruction performance.
     • Safety level 1: simple packet byte-code. Safety issues solved by restrictions in the language definition and the use of a sandbox environment.
     • Safety level 0: no active code present in packets. Corresponds to the traditional packet forwarding process.

  9. The Sandbox Environment in Active Nodes
     [Figure: sandbox architecture of an active node with safety-level markers 2+, 1 and 0; labels: Policy Database, Resource Database, Neighborhood Database, Safety Levels, Control Entity, Router Service Handler, Active Code Handler, Services Tables, Feedback Control, Active Byte-code Interpreter, Hardware specific Services, Forwarding Entity (Cls, Pol, TE, AQM, Sched), Networking Hardware.]

  10. AN and Network Processors
     • Forwarding, filtering and classification functions.
     • In pico-code programmable core language processors.
     • Coprocessor assists for
       - table lookups (FM, LPM, SMT)
       - queuing
       - policing
       - string copy
       - checksum generator
     • Hardware scheduler (WFQ, Priority Scheduler).
     • Hardware assist for flow control (BAT, WRED).
     • Embedded Power PC for more complex tasks.
     => On-the-fly active code execution at line speed is feasible.

  11. Example Applications
     [Figure: example topologies between Sender and Receiver; labels: Intserv/RSVP Domain, Diffserv Network with Active Nodes, Pure Active Network Domain, Mobile Network using a GPRS Backbone (BSS, SGSN, GGSN).]

  12. Conclusion
     • Efficient QoS translation using Active Networks can lead to improved E2E service guarantees.
     • Security risks are bounded to the level of traditional IP forwarding, control, and management.
     • The Active Networking framework benefits from the presence of network processors with specialized hardware assists. Lower safety levels have been implemented on an IBM PowerNP 4GS3.
     • Future work: Dynamic off-loading of forwarding and control functionalities directly onto a network processor.

  13. Questions…

  14. Additional Slides

  15. AN Requirements for Network Processors
     • Array register initialized with the first part of the packet content (i.e., packet header).
     • Array registers (scratch memory) that are large enough to hold the memory section of an active packet as well as additional temporary values.
     • A mechanism to read more data from the packet (access to all data in the packet) and an array register to store this information.
     • A mechanism to update the packet being forwarded.
     • Load and store operations to move data between registers.
     • Standard arithmetic and logical operations on scalar registers.
     • Support for standard comparison and control flow operations (e.g., (un)conditional branching, subroutine calls).

  16. E2E Service using Active Networks
     RSVP (controlled load and fixed filter) between Sender and Receiver across three domains:
     • Domain A
       - full support of RSVP in the domain.
       - no active routers present (active packets are forwarded as regular IP packets)
       - metropolitan area
     • Domain B
       - limited RSVP support using active routers.
       - active packets from outside the domain are not executed in this domain (preemption)
       - router services installed by administrator
       - corresponds to a core ISP
     • Domain C
       - No RSVP support.
       - entering active packets are allowed to execute active code up to safety level 1.
       - ISP at the edge of the network
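
An added example, not taken from the presentation or from the authors' implementation: a sketch of how a node could decide whether to run an active packet, combining the safety levels, the two-part resource bound and the per-domain rules of the E2E service slide (Domain A has no active routers, Domain B does not execute foreign packets, Domain C executes entering packets up to safety level 1). The class and function names, the budget units, the ceilings for locally admitted packets, and the choice to drop on failed authentication or an exhausted bound are assumptions.

```python
from dataclasses import dataclass

@dataclass
class ActivePacket:
    origin: str          # domain where the packet was admitted
    level: int           # highest safety level (0-5) its code needs
    authenticated: bool  # PKI check passed (the slides require it at level 5)
    local_bound: int     # resource bound, local part (assumed: instruction budget per node)
    network_bound: int   # resource bound, network part (assumed: remaining hop budget)

@dataclass
class DomainPolicy:
    name: str
    active_routers: bool
    max_foreign_level: int  # ceiling for packets entering from other domains
    max_local_level: int    # ceiling for packets admitted at this domain's edge

def decide(pkt: ActivePacket, dom: DomainPolicy, est_cost: int) -> str:
    """Return 'execute', 'forward' (as plain IP, code untouched) or 'drop'."""
    if pkt.level == 0 or not dom.active_routers:
        return "forward"                      # level 0: traditional forwarding
    ceiling = dom.max_local_level if pkt.origin == dom.name else dom.max_foreign_level
    if pkt.level > ceiling:
        return "forward"                      # code is carried but never run here
    if pkt.level == 5 and not pkt.authenticated:
        return "drop"                         # assumed fail-closed handling
    if pkt.network_bound <= 0 or est_cost > pkt.local_bound:
        return "drop"                         # resource bound exhausted
    return "execute"

# Constructed policies modelled on the three domains of the E2E service slide.
# The max_local_level values are assumptions; the slide does not state them.
DOMAIN_A = DomainPolicy("A", active_routers=False, max_foreign_level=0, max_local_level=0)
DOMAIN_B = DomainPolicy("B", active_routers=True, max_foreign_level=0, max_local_level=3)
DOMAIN_C = DomainPolicy("C", active_routers=True, max_foreign_level=1, max_local_level=1)

def path_decisions(pkt: ActivePacket, est_cost: int) -> dict:
    """Decision taken in each domain along the sender-to-receiver path."""
    return {d.name: decide(pkt, d, est_cost) for d in (DOMAIN_A, DOMAIN_B, DOMAIN_C)}

if __name__ == "__main__":
    # Constructed level-1 packet sent from outside all three domains.
    probe = ActivePacket("sender", level=1, authenticated=False,
                         local_bound=100, network_bound=8)
    print(path_decisions(probe, est_cost=40))
```

The estimated cost stands in for the sandbox's knowledge of instruction performance; a real node would derive it from the byte-code before execution.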
