Jae Woo Lee, Roberto Francescangeli, Wonsang Song, Jan Janak, Suman Srinivasan, Michael S. Kester, Salman Baset, Eric Liu

and Henning Schulzrinne Internet Real-Time Lab, Columbia University

In collaboration with Volker Hilt at Bell Labs/Alcatel-Lucent and Zoran Despotovic and Wolfgang Kellerer at DOCOMO Euro-Labs

WhatisNetServ?

  In‐networkservicecontainer  Java‐programmable,signal‐drivenrouter  “GENILite”–deploymodules,notVMs  Activenetworking2.0

Bridgingtwoworlds

10+interfaces0GBdisk1low‐endprocessor

1interfaceTBdisk1‐32multi‐coreprocessors

NetServpackettransport

Virtualexecutionenvironment

Buildingblocklayer

Virtualexecutionenvironment

Buildingblocklayer

Virtualexecutionenvironment

Buildingblocklayer

Servicemodules ServicemodulesServicemodules

NetServcontroller

Moduledownload

Moduleinstall

Signalingmessagetoinstallmodule

Signalingmessageforwardedtonexthop

Datapacketsprocessedbyservicemodules

NetServnodearchitecture

Currentprototype

!"#$"%&'

!$()'

*+$,'

!"#$%&'()*+%,-+*.(*&+,/-%

01"2%3/()*+%

!"#$"%&'

-./#%.00"%'

(1/23'4"%/"0'

,%5/67.%#'058"%'

$"%&19"'-./#51/"%'

$"%&19"'-./#51/"%'

$"%&19"'-./#51/"%'

:5&5';$*1'

:5&5';$*1'

:5&5';$*1'

$"%&"%'

5770195#1./'

<.=20"6'

4/-+',-*.%(/-+./5%(/66'-73%

-01"/#>'

$"%&"%'

=5#5'7594"#6'

?.%@5%="=

=5#5'

7594"#6'

$1A/501/A'

7594"#6'

,&+'85*3%

(/66'-7%

!"#B10#"%' 19:0;0;%<=%19:0;0;%<>%

1*+#*.?%4/-+./5%

@*33'A*3%

)594"#'

7%.9"661/A'

5770195#1./'<.=20"6'

!$+$'61A/501/A'=5"<./6'

Servicecontainerindetail

!"#$%$%&

!"#$%&'()#(*&

+$"*,"#-&.*/0'&*12()&

345*(6(*&78&9&*%0&!"#$%&:/#;1"#()&<&

!".)1)2&=/,$*(>&42>;(=&=/,$*(>& ?)1@@()>&A/)&#1;"6(&&A$#0;"/#>&

B10'(;&

@)/0(>>"#-&

1@@*"01;"/#&=/,$*(&C&

4()6()&

1@@*"01;"/#&

=/,$*(&C&

'())*+,&

-.()&

!/01/.2&

3(+0.(44/.&

D78&E&34F"&

:*"(#;5>()6()&

,1;1&@10'(;>&

!"#$%&'()*+%!!,-&,*.')##.*/&("#012

G/)H1),(,&

,1;1&&

@10'(;>&

!"#$%&'"!&%()*+%+%,

&B10'(;&,">@1;0I()&J&

4()6*(;&KBL& M$--*()&M8!5NB:&

J& J&

B10'(;&

@)/0(>>"#-&

1@@*"01;"/#&=/,$*(&O&

Thegrandvision

  NetServeverywhere  CommonserviceAPIonrouter,PC,set‐topbox,...  Storageandcomputationonnetworknodes  EnablingplatformforNGI

  Internetisamulti‐usercomputer  Codemodulesrunanywhere  Secureandextensible  Activenetworkingredux!

Not‐so‐grandinitialfocus

  Activatethenetworkedge  EyeballISPssellrouterresourcestocontentpublishers

  Contentpublishersinstallserversandpacketprocessorsonedgerouters

  Economicincentives  NewrevenuesourceforISPs  AlternativetoCDNforcontentpublishers

Overviewofoperation

!"#$%&"'()*+,%*"#'-)#'./0'1'

12'34"#'5"6/"4+'

72'8*4+,99':);/9"'

<2'=!8!'!%>*,9'

./09%4?"#'1

@*;'34"#4'

12'34"#'5"6/"4+'

72'8*4+,99':);/9"'

<2'=!8!'!%>*,9'

./09%4?"#'<@*;'34"#4'

="+!"#$'5)/+"#'

="+!"#$'()*+#)99"#'

!"#$%&"'()*+,%*"#'-)#'./0'<'

NSISSignaling

!"

#$%&$'

!$(#$')!*+*'$

,--./0*(/1%

!" 23!#4#3"%(/(5

!"

!$(#$')

617($'483617($'6$0$/)$'

239*(*3:$;;*<$;

=*;(

!1&$

23#/<%*./%<3:$;;*<$;

!"

!$(#$')

617($'

4>?8

@/:$17(

Application:ActiveCDN

!"#$%&'($

)'*+'(,$

(-%*'($

)'*+'(,$

(-%*'($

.'/%01($

(-%*'($

.'/%01($

(-%*'($

2-"*'"*$

3%405&6'(

789$:&'($(';%'&*&$,5#'-<$6**3<==>-"*'"*?3%405&6'(@>-A=BC50'DC--$

7E9$2-"*'"*$3%405&6'($&'"#&$,5#'-$C50'$

7F9$)'*+'(,$(-%*'(&$#-G"0-1#$*6'$A-#%0'$

7H9$2-"*'"*$3%405&6'($&'"#&$-"?31*6$&5/"10$*-$#'30-I$J>*5,'2K)$A-#%0'$

7L9$)'*+'(,$(-%*'(&$G5*6$J>*5,'2K)$('30I$*-$3(-4'$

7M9$J"-*6'($%&'($(';%'&*&$6**3<==>-"*'"*?3%405&6'(@>-A=BC50'DC--$

7N9$2-"*'"*$3%405&6'($C5"#&$"'1(4I$J>*5,'2K)$"-#'O$&'"#&$('#5('>*$A'&&1/'$

7P9$:&'($(';%'&*&$6**3<=="'*&'(,8@&'(,5>'?3(-,5#'(@>-A=BC50'DC--$

78Q9$J>*5,'2K)$#-G"0-1#&$*6'$,5#'-O$&5A%0*1"'-%&0I$&'(,5"/$1"#$>1>65"/$5*$

)$)$

7R9$2-"*'"*$3%405&6'($3(-4'&$C-($5"&*100'#$J>*5,'2K)$A-#%0'&$

7889$J>*5,'2K)$>1"$10&-$3(->'&&$>-"*'"*$

Application:Mediarelay

•  Standardmediarelay

–  RequiredduetoNAT–  Out‐of‐path–  InefficientandCostly

•  NetServmediarelay

–  Closertousers–  Improvedcallquality

–  ReducedcostforITSP

Application:Keep‐aliveresponder

•  NATKeep‐aliveresponderoff–  UAbehindNATmustsendkeep‐alivemessages–  MajorboJleneckforSIPserver

•  NATKeep‐aliveresponderon–  ModulerespondsonbehalfofSIPserver

–  Notraffictoserver

Application:Overloadcontrol

NetServModule•  ControlledbySIPserver•  ThroJlesincomingtraffic•  RandomizedtrafficrejecLon

SIPServer•  InstallsNetServmoduleondemand•  ControlsallNetServmodules•  Real‐Lmefeedbacktomodules

Evaluation

!"#$%&'()#(*&

+(,-().&/0#,1"#()&

+(,20#",0)& '((34*".(&

5-6"&

782&

/0#9&:&

/0#9&;&

/0#9&<&

/0#9&=&

/0#9&>&

/0#9&?&

+(,9"*,()&

0

100

200

300

400

500

0 100 200 300 400 500

Fo

rwa

rdin

g r

ate

[kp

ps]

Input rate [kpps]

Conf 1: Plain LinuxConf 2: Linux with packet filser

Conf 3: NetServ Container with Java removedConf 4: NetServ Container with no moduleConf 5: NetServ Container with NetMonitorConf 6: NetServ Container with KeepAlive

Javapacketprocessingoverhead:

•  Overheadsignificant,butnotprohibitive•  HandlestypicaledgeroutertrafficonmodestPChardware

Sowhat’snew?

Threedesigngoals:1.  Wide‐areadeployment

  Signalingfordeploymentw/oprecisetarget

2.  Multi‐userexecutionenvironment  Packetprocessinginuserspace  Multiplelayersofresourcecontrol&isolation  Moduleauthentication&filterauthorization

3.  Cleareconomicbenefit  Compellingusecases

Futurework

  OpenFlowintegration  NetServnodeasaside‐car

  NetServoncommercialrouter  JUNOSSDK

  InternetmulticastusingNetServ  HybridofALMandIPmulticast

  AuthenticationandauthorizationusingRPKI

NetServprojectroadmap

  Nov2010:DemoatGEC9plenarysession  Videoavailableathttp://vimeo.com/16474575

  June2011:PresentationatFutureNetIV

  Fullconferencepaperintheworks  Currentstatusavailableintechreport:http://www.cs.columbia.edu/~jae/papers/netserv‐tech‐report‐1.0.pdf

  July2011:NetServtutorialatGEC11  NetServasGENILite

  Open‐sourcereleaseshortlyafterwards