Active Networks: Applications, Security, Safety and Architectures. Author: Konstantinos Psounis Stanford University Presenter: Sanjay Agrawal Purdue University. Purdue University Nov 15, 2000. Passive and Active Networks.

Active Networks: Applications, Security, Safety and Architectures

Author: Konstantinos Psounis Stanford University

Presenter: Sanjay Agrawal

Purdue University

Department of Computer Science, Purdue University

Purdue University Nov 15, 2000


Passive and Active Networks

  • Passive: Consists of smart hosts at the edges of the network performing computations up to the app layer; the routers interconnecting them can only perform computations up to the network layer.

  • Active: Allows intermediate routers to perform computations up to the application layer. Users can program the network by injecting programs into the routers.


Networks, Passive and Active:

  • Passive Networks:

    Processing limited to Routing, congestion Control and QoS Schemes

    Problems:

    1. Difficulty of integrating new technologies

    2. No support for applications that require computation within the network.

    3. Poor performance due to redundant operations.


Need for Active Networks:

  • Need an ability to program the networks.

  • Networks should be able to do computations on user data.

  • Users can supply the programs to perform these computations.


Arguments for and against AN

  • Against:

    • Internet successful because of its simplicity.

  • For

    • Need

    • Will increase the pace of innovation.

    • Mobile code technology enables it.

    • End to end performance of applications will improve.


End to End Argument:

  • A function or service should be placed in the network only if it can be implemented cost effectively.

  • Idea of AN is compatible with this argument.

  • Some services can best be supported using info available inside the net.


Online Auctions

  • The price info provided by the server may not be up-to-date, causing the client to submit a low bid.

  • So auction server will receive bids that are too low and must be rejected.

  • In AN such low bids can be filtered out in the network, before reaching the server.

  • At heavy load, server activates filters in nearby nodes, updating them with current price periodically.

  • Frees server resources for processing competitive bids, reduces net utilization at the server.
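
The in-network bid filter described on this slide, as an added example (not part of the original presentation). The class and field names, the fail-open rule for stale prices, the sender check and the trace are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class BidFilter:
    """State an auction server installs on a nearby active node (hypothetical model)."""
    owner: str                      # stands in for an authenticated server identity
    max_age: float                  # assumed lifetime of a price update, in seconds
    price: Optional[float] = None
    updated_at: float = 0.0
    dropped: int = 0

    def update_price(self, sender: str, price: float, now: float) -> bool:
        """Periodic refresh from the server; updates from anyone else are ignored."""
        if sender != self.owner:
            return False
        self.price, self.updated_at = price, now
        return True

    def admit(self, bid: float, now: float) -> bool:
        """True if the bid should be forwarded to the server."""
        if self.price is None or now - self.updated_at > self.max_age:
            return True             # fail open: no fresh price, so the node must not judge
        if bid <= self.price:       # assumed rule: a bid must beat the current price
            self.dropped += 1
            return False
        return True

def replay(events):
    """Replay constructed (kind, time, sender, value) events; return bids that reach the server."""
    node, forwarded = BidFilter(owner="auction-server", max_age=5.0), []
    for kind, now, sender, value in events:
        if kind == "price":
            node.update_price(sender, value, now)
        elif node.admit(value, now):
            forwarded.append(value)
    return forwarded, node.dropped

# Constructed trace: stale start, one valid refresh, one update from the wrong sender.
TRACE = [("bid", 0.0, "c1", 90), ("price", 1.0, "auction-server", 100),
         ("bid", 2.0, "c2", 95), ("bid", 3.0, "c3", 120),
         ("price", 3.5, "c2", 999), ("bid", 4.0, "c4", 110),
         ("bid", 12.0, "c5", 50)]
```

Only the bid of 95 is dropped in the network; the bids sent before the first price update and after the last update has expired go through to the server, which still makes the final decision.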


Performance..

  • Improvement brought about by delegating some of app’s functionality to internal network nodes.

  • Normal traffic could in fact benefit from active processing, which will reduce bandwidth utilization in some regions of the network.

  • Doing work within the network reduces the total amount of work done by the app.


Performance

  • What we need is app performance rather than network performance; the two are not correlated.

  • AN may cause fewer pkts to be sent, with longer per hop latencies because of increased computation and storage.

  • Still overall app performance will improve, because of reduced demand for bandwidth at end-points.


Applications

  • Active Networks can be beneficial for a variety of applications:

    • Network Management

    • Congestion Control

    • Multicasting

    • Caching


Congestion Control

  • Prime Candidate for Active Networking

  • A special case of Network Management.

  • It’s an intranetwork event, hence solutions to it should be far removed from the app.

  • Congestion information takes time to propagate to the user.


AN and Congestion:

  • Active Node can monitor the available bandwidth and control data flow rate accordingly.

  • Probe packets can gather congestion information as they travel and Monitor packets can use the info to identify the onset of congestion and regulate the flow accordingly.

  • Applications can produce congestion control data according to the situation if they are aware of it, like selective dropping.


Experimental Technologies:

  • Network defines a finite set of functions which can be performed at a node on the active packets.

  • Header information in each packet, called the APCI, specifies the function.

  • Packets processed according to APCI and the header recomputed if the function transforms the data.

  • Tested using a Unit Level Dropping Function.


contd..

  • Model is conservative, since no executable code travels in the packets. However, it is a step towards more radical changes.

  • More complex models will have packets carrying code that makes on the fly routing and congestion control decisions based on information brought to the node by other packets.

  • Upcoming congestion tracked and regulation done before congestion takes place.


Multicasting

  • Current “passive” schemes provide only a partial solution to the problems of NACK implosion, load of retransmissions and duplication of packets.

  • Active Reliable Multicast deals with these problems efficiently by storing a soft state and performing customized computation based on packet types.

  • Note that not all nodes need to be active for ARM to work. So an ActiveBONE similar to MBONE will work.


Active Reliable Multicast

  • Local retransmission handled by caching the multicast packets which reduces both latency and traffic.

  • Active router maintains a NACK record and a repair record to perform NACK suppression and scoped retransmission.

  • Flexible and robust as active routers do not need knowledge of group topology.

  • Results show ARM has lower recovery latency than passive schemes.
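
An added sketch, not from the original presentation or the ARM authors' code, of how a NACK record and a repair record yield NACK suppression, local retransmission and scoped retransmission. The class, method names, link labels and the `ttl` soft-state lifetime are assumptions.

```python
class ArmRouter:
    """Soft state of one active router for one multicast session (simplified model)."""
    def __init__(self, ttl=2.0, cache_size=64):
        self.ttl, self.cache_size = ttl, cache_size
        self.cache = {}     # seq -> payload, kept for local retransmission
        self.nacks = {}     # NACK record:   seq -> [expiry, links that asked]
        self.repairs = {}   # repair record: seq -> [expiry, links already repaired]

    def _live(self, table, seq, now):
        entry = table.get(seq)
        if entry and entry[0] < now:          # soft state: expired entries are dropped
            del table[seq]
            return None
        return entry

    def _store(self, seq, payload):
        if seq not in self.cache and len(self.cache) >= self.cache_size:
            del self.cache[next(iter(self.cache))]    # bounded cache: evict the oldest
        self.cache[seq] = payload

    def _mark_repaired(self, seq, link, now):
        entry = self._live(self.repairs, seq, now) or [now + self.ttl, set()]
        entry[1].add(link)
        self.repairs[seq] = entry

    def on_data(self, seq, payload):
        self._store(seq, payload)
        return [("data", "all-downstream", seq)]

    def on_nack(self, seq, link, now):
        done = self._live(self.repairs, seq, now)
        if done and link in done[1]:
            return []                                  # this link was repaired already
        if seq in self.cache:
            self._mark_repaired(seq, link, now)
            return [("repair", link, seq)]             # local retransmission
        pending = self._live(self.nacks, seq, now)
        if pending:
            pending[1].add(link)
            return []                                  # NACK suppression
        self.nacks[seq] = [now + self.ttl, {link}]
        return [("nack", "upstream", seq)]

    def on_repair(self, seq, payload, now):
        # Take the links from the live NACK record, if any, and clear the record.
        links = sorted(self.nacks.pop(seq)[1]) if self._live(self.nacks, seq, now) else []
        self._store(seq, payload)
        for link in links:
            self._mark_repaired(seq, link, now)
        return [("repair", link, seq) for link in links]   # scoped retransmission
```

Each handler returns the packets the router would send; the router keeps no group membership or topology, only per-sequence records that expire on their own.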


Active Network Architectures

  • In some architectures packets carry executable code, which is executed on the data of the packet that carries it.

  • Others place code in the active nodes. Identifiers on the packets are used to decide which code is executed.


Active IP Option:

  • Active Packets approach.

  • Extension to IP Options mechanism.

  • Option to carry program fragments in a variety of languages. And to query the languages supported.

  • Backward compatibility ensured since unknown options are silently ignored.

  • Implementation in TCL, to take advantage of TCL interpreter’s restricted execution environment.


ANTS

  • Active Nodes approach.

  • Network viewed as a distributed programming system. Packets travel as capsules carrying code.

  • Some code is comprised of well-known routines that reside at every active node.

  • Rest of the application specific code is transferred by mobile code distribution techniques.


ANTS

  • Provides a flexible network service. Default forwarding. New protocols can also be introduced into the network.

    • Simultaneous use of a variety of network protocols

    • Construction and use of new protocols by mutual agreement among interested parties, rather than their centralized registration.

    • Dynamic deployment of these protocols.


Security

  • An active packet could not only consume many resources but also consume them at a faster rate.

  • Denial of service attacks may occur if there is no resource management.

  • SANE, a layered architecture proposed at the University of Pennsylvania, addresses these issues.
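
One common form of the resource management this slide calls for, as an added example (it is not SANE's mechanism and not code from the presentation): each capsule carries a budget, every operation is charged against it, and child capsules are paid for out of the parent's budget. The cost values and the list-based capsule model are assumptions.

```python
STEP_COST, SEND_COST = 1, 8     # assumed charges, in abstract resource units

def run_capsule(program, budget, metered=True):
    """Execute one capsule on one node.

    `program` is a list of ("compute", steps) or ("send", child_program) operations.
    Returns the capsules it emits as (program, budget) pairs."""
    children = []
    for op, arg in program:
        if not metered:                      # node without resource management
            if op == "send":
                children.append((arg, budget))
            continue
        cost = arg * STEP_COST if op == "compute" else SEND_COST
        if cost > budget:
            break                            # budget exhausted: stop and discard
        budget -= cost
        if op == "send":
            grant = budget // 2              # the child is paid from the parent's budget
            budget -= grant
            children.append((arg, grant))
    return children

def executions(program, budget, metered=True, cap=10_000):
    """Follow a capsule and its descendants; count node executions (stops at `cap`)."""
    queue, count = [(program, budget)], 0
    while queue and count < cap:
        prog, b = queue.pop()
        count += 1
        queue.extend(run_capsule(prog, b, metered))
    return count

# Constructed worst case: a capsule whose only action is to emit two copies of itself.
replicator = []
replicator += [("send", replicator), ("send", replicator)]
```

With a budget of 100 the self-copying capsule dies out after 7 executions because the total budget in the network never grows; with `metered=False` the same input only stops at the simulation cap.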


Architecture of ANTS

  • The requirements for having a flexible network layer met by having:

    • Packets replaced by capsules, which dictate the processing to be performed on their behalf.

    • Selected routers replaced by active nodes, which provide an API for capsule processing and execute those routines safely.

    • A code distribution mechanism to enable active nodes to download code when needed.


SANE Architecture

  • A Computer system is organized as a series of layers, each of which defines a virtual machine.

  • Higher levels trust the integrity of the lower layers.

  • Uses AEGIS, a secure bootstrap architecture to cold-start the system.

  • Assumes a PKI for node-to-node authentication.

  • Uses a special programming language, PLAN, which is statically type checked and is pointer safe.


Current Work

  • SANE at University of Pennsylvania.

  • Georgia Tech: congestion control.

  • Bowman, an OS for Active Nodes.

  • ARM and active Router Architecture for Multicasting.


Conclusions

  • Definitely an exciting step in network design.

  • Can potentially solve many of the current problems in passive networks, with a wide application range.

  • Will increase the pace of innovation, through rapid deployment and testing of new research.

  • However, most of the current implementations haven’t been deployed on a large-scale net.

  • Security requirements are enormous!
