Embed Size (px)
DESCRIPTION
Application. Application. Presentation. Presentation. Session. Session. Transport. Transport. Network. Network. Network. Data Link. Data Link. Data Link. Physical. Physical. Physical. The Seven Layers. Intermediate. End system. End system. system. - PowerPoint PPT Presentation
Citation preview
The Seven Layers
Presentation
Application
Session
Transport
Network
Data Link
Physical
Presentation
Application
Session
Transport
Network
Data Link
Physical
Network
Data Link
Physical
End system End systemIntermediatesystem
Why only 3 layers inside the network?
• The end-to-end principle: what ever can be done in the edge – don’t do inside!
• “The network should be fast and dumb!”
The Seven Layers
Presentation
Application
Session
Transport
Network
Data Link
Physical
Presentation
Application
Session
Transport
Network
Data Link
Physical
Network
Data Link
Physical
End system End systemIntermediatesystem
What is wrong with this picture?
What’s wrong? – its not realistic
• people are doing application layer tasks inside the network:– firewalls– proxies – L4-7 routing
Why not adding network support for applications
• standards are very slooooow to develop– multicast!
• we need a fast way to add features to our network core
Virtualization
Solution
• let’s agree on a standard interface for routers and let everyone run its own programs.
• Questions:– who is everyone?– Do we have the cycles?– what about security?
Programmable Routers
• What is programmable?
configuration policy based routing
OS upgrade off-line download
code per packet
• Who can program?manufacturer owner
authorized contractor “big” users
end user
configu
rationpolicy based rou
ting
OS
upgrade
off-line dow
nload
code per packet
manufacturer owner
authorized contractor “big” users
end user
current state
Capsules
What is a Mobile Agent ?
A mobile agent is an executing program that can migrate from machine to machine in a heterogeneous network under its owncontrol.
Here an agent has migrated to interact with a search engine and willmigrate again to bring the results back to its owner.
Mobile Code• The basic idea is to allow code dispatching to
remote sites where it is executed. • Move the programmer away from the rigid client-
server model to the more flexible peer-peer model• programs communicate as peers• act as either clients or servers depending on their
current needs
• Problems arising from mobility– heterogeneity of systems– security (as more parties are involved)
Mobile Agents
• Mobile Agents are program instances that are able move within a network under their own control
• mobile agents consist of:– code – data state (i.e. variables)– execution state (i.e. stack)
• Some basic capabilities:– able to autonomously migrate between places– able to communicate to each other– some agents offer services or interfaces to legacy
applications
Application for Mobile Agents
• Distributed Information Retrieval
• Mobile computing
• Distributed Network Management
• Collaborative and workflow applications
• Active networks
• Electronic commerce
Distributed Network Computing
• More than one user
• More than one host
• More than one application
• Code can migrate from host to host
• Who is in charge?
Hosting Mobile Code
• We want the code to perform tasks related to the network
• Who will host the mobile agent?• How will the agent locate its optimal
location for the task?• What type of services are needed?• Is the applet sandbox model good enough?
Open Routers
• Addresses at least one aspect of the problem
• Define an interface between the mobile code and the host
• An interface is an agreed and shared contract, typically static knowledge that is not dynamically modified after the agreement
Terminology
• Active Networks
• Mobile agents
• Mobile code
• Programmable networks
No clear definitions, depends who is using it
Programming paradigms based on code mobility
Client Server
Client/server
local resources
Client Server
Code on Demand Mobile Agents
local resources
local resources
Client Server
Remote evaluation
local resources
Active Networks: What?
• Routers are programmable
• An application generated code can be injected into the network, and executed in the routers
• Aims at enriching functionality at the network layer (not at distributed computing)
• From capsule to programmable switches
Active Networks: How?
• Producing a new networking platform, flexible and extensible at runtime to accommodate the rapid evolution and deployment of networking technologies
• To provide the increasingly sophisticated services demanded by defense applications
• The packet itself is the basis for describing, provisioning, or tailoring resources to achieve the delivery and management requirements
• A killer application ?!
Active Networks: Why?Active Networks: Why?
Killer Application
• Was (and still is) an important issue
• Do we really need one?
• How about network management?
• New services? What?
• The ability to create new services in the network level
Challenges
• Composite protocols: SmartPacket processing must be efficient, secure and survivable
• Enhanced network services– quickly and safely deploy new services – achieve widespread use without need for a
standardization process– upgrade crucial network services to keep pace with
network complexity (size, speed, variety) – develop new strategies for routing and service
provisioning in large networks that have overlapping topologies and mobility requirements
Is It
• Safe?– safety and security– comparing to IP
• Efficient? – an AN node is always slower than a router– system view: fewer packets, shorter control
loops, smarter algorithms
• Feasible? – computation power, horizontal architecture
Are Active Networks Efficient?
• An AN node is always slower than a router
• Fast/slow track
• System view: – fewer packets– shorter control loops– smarter algorithms
Architecture
EE EE
channels storage
- The underlying operating system Node OS
- Executing Environment
- The Active Applications
Assumptions• The unit of multiplexing of the network is the packet (and not, say,
the circuit)• The primary function of the active network is communication and not
computation. The network contains some nodes whose primary reason for existence is to switch packets and thus allow sharing of transmission resources
• Active nodes are interconnected by a variety of packet-forwarding technologies, and this variety will evolve continuously. Therefore assumptions about underlying technologies must be minimized
• Each active node is controlled by an administration, and no single administration controls all active nodes
• Trust relationships between administrations will vary. Trust needs to be explicitly managed
Control plane Vs. Data plane
Everything is over IP
Objectives• Minimize the amount of standardization required, and
support dynamic modification of aspects of the network that do not require global agreement
• Support fast-path processing optimizations in nodes. (The architecture should not preclude active nodes from performing standard IPv4/IPv6 forwarding at speeds comparable to non-active IP routers.)
• Support deployment of a base platform that permits on-the-fly experimentation. Backward compatibility, or at least the ability to fit existing network nodes into the architectural framework, is desirable
Objectives (2)
• Scale to very large global active networks. The main implication for the node architecture is a requirement that network-scale parameters (e.g. number of principals using the entire active network) not be exposed at the individual node level
• Provide mechanisms to ensure the security and robustness of active nodes individually. As with scalability, global security and robustness is the responsibility of each individual network architecture. However, the stability of individual nodes is necessary for that of the entire network
• Support network management at all levels• Provide mechanisms to support different
levels/qualities/classes of service
NodeOS and EE
EE EE
applicationapplication
application
applicationapplication
application
channels storage
Node OS
Executing Environment
ActiveApplications
NodeOS and EE Packet Flow
EE
EE
applicationapplication
application
applicationapplication
application
channels storage
Node OS EE Node OSLink-level Link-level
IP cutthroughclassifier packets
NodeOS
• Interfacing the link-level and the EEs
• Controls resources:– CPU– memory– communications (channels)
• Security
• Routing
NodeOS Abstracts
• Flows - the primary abstraction for accounting, admission control, and scheduling in the system
• Thread pool - the primary abstraction for computation
• Memory pool - the primary abstraction for memory
• Channels - flows create channels to send, receive, and forward packets
Execution Environment
• Interface to the NodeOS
• The place where the actual active code is being executed
• Application to application communication
• EE to EE communication
• Examples
NodeOS/EE
• Do we really need it?
• The cost of abstraction?
• What about high-speed active networks?
• Channels for local information and control
Safety and Security
• Crucial for deployment• Safety (i.e. robustness to bugs and failures)
and security (i.e. against malicious attackers)• Basic tradeoff: flexibility Vs. security
– adding more power to the applications can be used by the “bad guys”
• Is this a (good) reason to give up progress?
Possible Threats• Damage
– an active packet damages the NodeOS/EE/network-level code in the router
– an active packet changes code in other active packets– the active router may interfere with the original active
packet’s code
• Denial of service– an active packet “takes over” a certain resource (CPU,
memory) and deny services from other active packets
Possible Threats (2)
• Theft– an active packet may access and change information
at a node (billing), or information used by other active pockets (passwords)
• Compound attack– AN can be used to generate a coordinated attack
aimed at a remote router. AN may allow a single attacker to generate traffic to a single destination with volume that is unlimited by the bandwidth of its own connection
Security - Enabling Techniques• AAA:
• authorization• authentication: someone else vouches for the packet• access control to resources such as the file system
• Resource consumption monitoring (with policy based management)
• PPC - Proof Carrying Code - the code can prove that it is safe
Proof-Carrying Code (PCC)Peter Lee and George Necula
• PCC is a technique by which a code consumer (e.g., host) can verify that code provided by an untrusted code producer adheres to a predefined set of safety rules (safety policy). These rules are chosen by the code consumer in such a way that they are sufficient guarantees for safe behavior of programs.
• The code producer is required to create a formal safety proof that attests to the fact that the code respects the defined safety policy. The code consumer is able to use a simple and fast proof validator to check, with certainty, that the proof is valid.
A Secure Active Environment
• Accept and authenticate the incoming packet
• Identify the sender(s) of the packet
• Authorize access to the appropriate resources
• Allow execution based on the authorization and the security policy
• Monitor the resource utilization
• Encrypt/decrypt code/data as needed
• Who should do it: nodeOS? EE?
DARPA Projects
• ANTS at MIT• Smart Packets at BBN• Switchware at Upenn and Bellcore• Netscript at Columbia• Applications:
• active reliable multicast, protocol boosters, active congestion control, Internet applications
• ABone: a global AN network
ANTS (MIT)
• ANTS - an Active Node Transfer System – a Java-based toolkit for experimenting with active
networks. It provides a node runtime that can participate in an active network, and a protocol programming model that allows users to customize the forwarding of their packets
• The first EE to be developed
• Uses capsules that do not contain all the code
• A code distribution system distributes the code to the different active nodes.
Smartpackets (BBN GTE)
• Goal: to add programmability to management and diagnostic packets
• Making packets smart by:– an easily compiled source code language -
Sprocket– access to information on the fly (MIB)
• Emphasis on runtime, no soft states, the code lifetime at a node is only during execution.
SwitchWare U. Penn. and Telecordia
• Goal: understand the design space– investigate architectures and programming paradigms
for AN– use modern programming languages– find “sweet spots” in tradeoffs among flexibility,
usability, performance and security
• Main features:– PLAN - Packet Language for Active Networks– ALIEN - Active Loader
SwitchWare Architecture
PLAN
ALIEN/Caml/OS
AEGIS Static IntegrityChecks
DynamicIntegrityChecks
Node-NodeAuthentication
Recovery
ALIENLibrary
PLANPacket
PLANPacket
CamlSwitchlet
CamlSwitchlet
Packet Language for Active Networks
• Domain-Specific Language for AN• Active Packets of ML-like code• Restricted for security & performance• Active extensions for restricted tasks• “Glue language” to build active applications• Resource-bounds for network protection• Access to link-layers w/extensions
The ALIEN Active Loader
• Focus on generality and security
• Crypto. Credentials extend to remote case active packets and active extensions all written in Caml with restricted runtime
• Applications to LAN bridging, IP forwarding
switchlets
Loader
Core Switchlet
libraries
Runtime (Caml)OS (Linux)
Issues• Packets size:
– how much code can fit into a single packet?– offline loading of code
• A safe execution of the code– how much control – offline guaranties Vs. runtime verification
• Interactions:– packet -- EE– packet -- packet
Netscript (Columbia)• A glue language to compose and manage active flow
processing applications • Enable significant domain-specific capabilities:
– computation over flows
• Simplify programming active nets– high-level abstraction of flow processing: end-end
composition & coordination
• Compiler-generated support of key functions– manageability: security, resource allocation– optimization– map to heterogeneous node architectures from JVM to
ASIC/FPLA…
Applications
• Multicast – ARM (at MIT), PANAMA (U.Mass and TASC)
• Caching– Adaptive Web Caching (UCLA)
• Active congestion control – (USC/ISI, GaTech)
• Auctions– (MIT)
Applications
• Applications that can use servers inside the network:– multicast retransmission– caches
• Data corresponding to a certain application is manipulated by the routers
ABone Active Network Backbone
• An experimental network consisting of nodes from all over the world used to prototype and test new ideas related to Active Networking
• ~96 nodes (October 2001)
• Assembled from existing links and node, mainly Linux machine with ANetd:– a basic EE for Linux– a way to manage different EEs
ABone Active Network Backbone
AN Outside DARPA• IWAN since 1999 (International Working Conference on
Active Networks– many of the papers deals with network management
• EU research: large investment – FAIN - Future Active IP Networks
• Network operators like BT,DT,AT&T, MCI see in the programmable switch/router paradigm a way to:– allow them to program their own networks to achieve better
functionality/efficiently over competitors– offer big clients unique custom designed services in a very short
time frame – shift some of the revenue opportunities from manufactures to service
providers
What is missing?
• Access to the network:– local information: topology, interfaces, load– routing - access to routing tables and
manipulation of routing/forwarding tables
• Soft states: allowing a truly distributed application to run for a long period of time
• Integration with current routers
ABLE (Active Bell Labs Engine)
• Shorter control loops• Fusion of control messages in the network• Exposing the actual cost to the programmer
Introduce efficiency to network management using
active networks technology
ABLE Architecture
• An adjunct active engine to any router
• R/W interface with the router
• Long lived sessions
• Use of standard tools
• The broker concept
• Security
Active Engine
SessionBroker
MIB
routerfilter
session 1 session 2
security
session n
ControlBroker
InfoBroker
CLI
An EarlyArchitecture
• An adjunct active engine to any router:– modularity
– easy deployment
– safe
• R/W interface with the router
MIB
routerfilter
Active Engine
manager
An Early Architecture• An adjunct active engine to
any router• R/W interface with the router
• Long lived “sessions”– generalized “soft state”– rendezvous
• Use of standard tools:– Java, ANEP over UDP/IP,
SNMP, IP filtering
MIB
routerfilter
Active Engine
manager
session 1 session 2
The Router
• Forwarding + basic routing• Filtering: active packets (with
active UDP ports) are sent to the active engine (AE)
• Support for SNMP• Fast-track user-controlled
routing and filtering
Active Engine
manager
MIB
routerfilter
controller
The Active Engine• Can be separate, or in the
same box• R/W interface with the
router:– SNMP– vendor’s specific control
• Long lived sessions: – rendezvous– generalized soft state
• Use of standard tools:– Java, ANEP over UDP/IP,
SNMP, IP filtering
Active Engine
manager
MIB
routerfilter
session 1 session 2
security
Addressing Modes
• Explicit - sent directly to a known AE– efficient
• Oblivious - sent along a path, and intercepted by the first AE en-route– topology learning – robust
An Early Architecture
• An adjunct active engine to any router
• R/W interface with the router
• Long lived “sessions”• Use of standard tools
• Security MIB
routerfilter
Active Engine
manager
session 1 session 2
security
Safety & SecuritySafety & Security• The active engine is separate from
the router - regular IP traffic is safer• Inside the active engine:
– AAA (authentication, authorization, access control)
– blocking unauthorized TCP connections– monitoring resource consumption of
sessions– Java SecurityManager: blocking native
methods and foreign file access
An Application Example:Bottleneck Detection
• Currently can be done using the traceroute program: – inefficient and limited in scope
(route + timing info)
• An active solution:– efficient– versatile– can do much more
Current Traceroute Program
• Quadratic number of messages
• Quadratic completion time
An Active Solution
• Each AE duplicates the program it receives and forwards it
• Linear completion time
• Quadratic number of messages
010011101001010101010101010011101001010101010101
1110111010101010010101111010101010101010101010101010101000111011101010101001010111101010101010101010101010101010100011101110101010100101011110101010101010101010101010101010001110111010101010010101111010101010101010101010101010101000
00000000 0010011101111011101010101010101100100111011110100010100010101111
Bottleneck DetectionBottleneck Detection
Tishrey
inbar
Heshvan Kislev
Adar
Amir
From: inbar To:tishrey
get_code(code);get_data(hop#,dest,reportto); hop# ++; packet = prepare_new_packet (code,hop#,dest,reportto);send_new_pack(packet,dest);info = get_local_info();send_report(reportto, info, hop#);finish();
hop#: 0 dest: adarreportto: inbar
Razcisco1MIB
filter
manager
session 1
security
Active Engine
router
session 2
ABLE++ Architecture
• An adjunct active engine to any router
• R/W interface with the router
• Long lived sessions
• Use of standard tools
• The broker concept
• Security
Active Engine
SessionBroker
MIB
routerfilter
session 1 session 2
security
session n
ControlBroker
InfoBroker
CLI
ANEP
• A mechanism for encapsulating Active Network frames for transmission over different media– an active node receiving a packet must be able to
uniquely and quickly determine the environment in which it is intended to be evaluated
– to allow minimal, default processing of packets for which the intended evaluation environment is unavailable
– so that information that does not fit conceptually or pragmatically in the encapsulated program (such as security headers), can be placed in the header
The ANEP Header
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Version | Flags | Type ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ANEP Header Length | ANEP Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Options ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . | ~ Payload ~ | . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ANEP Header Fields
• The Version field indicates the header format in use• Only the most significant bit of the flag field is used.
It indicates what the node should do if it does not recognize the Type ID: 0 - try to forward, 1 - discard
• The ANEP Header Length field specifies the length of the ANEP header in 32 bit words. If no options are included in the packet, then its value must be 2
• The ANEP Packet Length field specifies the length of the entire packet, including the packet payload, in octets
ANEP Header Fields (2)
• The Type ID field indicates the evaluation environment (EE) of the message
• The proper authority for assigning Type ID values to interested parties is the Active Networks Assigned Numbers Authority (ANANA) (61-64)
• The Type ID value 0 is reserved for possible future network layer information and error messages
• If the value contained in this field is not recognized, the node should check the value of the most significant bit of the Flags field when deciding how to handle the packet
ABLE Implementation• Active engine:
– C code, in user space– active packet’s code in Java– Java methods for performance, security, and ease of use
• Router: – FreeBSD on a PC with ipfw as the filter, or– Linux on a PC with ipTables as the filter, or– COTS (Commercially Of The Shelf) routers (CISCO,
Lucent RABU), with filters
Divertor• Free BSD:
– using the built in fire wall - ipfw– special divert socket– all UDP traffic to socket 3322 goes to this socket
• Linux: – using the built in ipTables – User-level program– all UDP traffic to socket 3322 goes to this
program, and diverted to the session manager
Session Broker• Operation:
– listen on all sockets– if arrive from outside
• Send data to session, or• Create new session
– if from inside:• Send data/code to network (as an
active packet)
– if admin:• Do whatever
– kill,referesh,update-new
SessionBroker
session 1 session 2
securityrouter
Interfaces:ACTEXTPort 3322ACTINPort 3691ADMININPort 3692
Session Broker
• Creating a new session:
– get packet – reassemble– create session– get session socket number– send data to socket
SessionBroker
session 1 session 2
securityrouter
Session Broker
• The session SB communication:
– UDP sockets– “Our” headers– one admin and one data socket to
the SB– one socket for each session– The session part is done via the
Act class
SessionBroker
session 1 session 2
securityrouter
Information Broker
• The session IB communication:
– TCP streams sockets– “Our” functions– The session part is done via the
BrokerInterface class– The broker part in JAVA
security
router
MIB
session 1 session 2
InfoBroker
CLI
Information Broker
• Caching information:– interfaces and routing information
is cached, and retrieved locally– cache is updated every (C) seconds– saves accesses to the router, may
result in getting staled information
• OID access:– allow direct access to the MIB
security
router
MIB
session 1 session 2
InfoBroker
CLI
010011101001010101010101010011101001010101010101
1110111010101010010101111010101010101010101010101010101000111011101010101001010111101010101010101010101010101010100011101110101010100101011110101010101010101010101010101010001110111010101010010101111010101010101010101010101010101000
00000000 0010011101111011101010101010101100100111011110100010100010101111
Bottleneck DetectionBottleneck Detection
Tishrey
Inbar
Heshvan Kislev
Adar
Amir
From: inbar To:tishrey
get_code(code);get_data(hop#,dest,reportto); hop# ++; packet = prepare_new_packet (code,hop#,dest,reportto);send_new_pack(packet,dest);info = get_local_info();send_report(reportto, info, hop#);finish();
hop#: 0 dest: adarreportto: inbar
Razcisco1MIB
filter
manager
session 1
security
Active Engine
router
session 2
Ses.Javaimport java.io.*;import java.lang.*;import java.net.*;import Act.*;import AdventNetSnmp.*;
// This is an example for an active session that computes traceroute
public class Ses{
public static void main ( String args[] ) throws Exception, AdventNetSnmpException {
AdventNetSnmp request = new AdventNetSnmp(); DatagramPacket udppacket;/* set to number of bytes of data. Should bedivisible by 4 */
int datasize = 12; System.out.println(">>>>> before Act");
Ses.JavaAct session = new Act(datasize * -1);System.out.println(">>>>> After Act");byte[] p = session.getProg();
byte[] v = session.getInitVars(); int[] senderip = new int[4]; byte[] destip = new byte[4]; byte[] udpmsg ;
// get original sender IP address
for (int i=0;i<4;i++) senderip[i] = (int) ((v[i] < 0 ) ? v[i]+256 : v[i]);
String sendername = Integer.toString(senderip[0]) + "." + Integer.toString(senderip[1]) + "." + Integer.toString(senderip[2]) + "." + Integer.toString(senderip[3]);
// get target IP address
System.out.println("Destination IP address");for (int i=0;i<4;i++) {destip[i] = v[i+4];
System.out.println(destip[i] + ".");}
// get hop number
int hopnum = (int) v[8];System.out.println("Hop number" + hopnum);
int dummy = (int) v[9];
Ses.Java// prepare new message
if (v[8]>127) System.out.println("too big.........");
else v[8]++;
// send new message
byte[] newpck = new byte[p.length+datasize];for (int i=0;i<p.length;i++) newpck[i] = p[i];
// append data onto end of classfile
for (int i=0;i<datasize; i++) newpck[i+p.length] = v[i];
session.send(newpck,Act.IPaddr(destip)); // get some local information (SNMP) String oid1 = ".1.3.6.1.2.1.4.6.0"; // IPforward String oid2= ".1.3.6.1.2.1.1.1.0"; //host name String oid = ".1.3.6.1.2.1.1.5.0"; //host name String res1 = request.getOne(oid);
//String res1 = "JESSICAS";request.close();
Ses.Java
// send udp to original sender reporting your status String udpmsgtext = "hop " + v[8] + ": " + res1;
System.out.println(">>>>>>>>UDPMSG>>>>>>>>>>>>>>>>>>>> " + udpmsgtext); System.out.println(udpmsgtext); int udpmsglen = udpmsgtext.length(); udpmsg = new byte[udpmsglen];
udpmsg = udpmsgtext.getBytes(); udppacket = new DatagramPacket ( udpmsg, udpmsglen,session.IPaddr( sendername),9901);
try{session.socket.send(udppacket);
} catch ( Exception exc) {
System.out.println( "Error! - " + exc.toString()); }
// be nice report: I'm done
// session.send(v,session.internetAddress);
}}
Using the information broker
BrokerInterface localBroker = new BrokerInterface();
int ifi= 0;String res1 = " " ; try{ ifi = localBroker.getNextHopIf(destname); float load = localBroker.getLoad(ifi); res1 = "The load is: " + Float.toString(load); } catch ( Exception exc) { res1 = "The load value is unavailable "; }
