Active Networks: Applications, Security, Safety and Architectures

Department of Computer Science, Purdue University

Author: Konstantinos Psounis, Stanford University

Presenter: Sanjay Agrawal, Purdue University

Purdue University, Nov 15, 2000

Passive and Active Networks

• Passive: Consists of smart hosts at the edges of the network performing computations up to the application layer; the routers interconnecting them can only perform computations up to the network layer.

• Active: Allows intermediate routers to perform computations up to the application layer. Users can program the network by injecting programs into them.

Networks, Passive and Active:

• Passive Networks:

Processing limited to routing, congestion control and QoS schemes

Problems:

1. Difficulty of integrating new technologies

2. No support for applications that require computation within the network.

3. Poor performance due to redundant operations.

Need for Active Networks:

• Need an ability to program the networks.

• Networks should be able to do computations on user data.

• Users can supply the programs to perform these computations.

Arguments for and against AN

• Against:

– Internet successful because of its simplicity.

• For:

– Need

– Will increase the pace of innovation.

– Mobile code technology enables it.

– End to end performance of applications will improve.

End to End Argument:

• A function or service should be placed in the network only if it can be implemented cost effectively.

• Idea of AN is compatible with this argument.

• Some services can best be supported using info available inside the net.

Online Auctions

• The price info from the server may not be up-to-date, causing the client to submit a low bid.

• So auction server will receive bids that are too low and must be rejected.

• In AN such low bids can be filtered out in the network, before reaching the server.

• At heavy load, server activates filters in nearby nodes, updating them with current price periodically.

• Frees server resources for processing competitive bids, reduces net utilization at the server.

Performance..

• Improvement brought about by delegating some of app’s functionality to internal network nodes.

• Normal traffic could in fact benefit from active processing, which will reduce bandwidth utilization in some regions of the network.

• Doing work within the network reduces the total amount of work done by the app.

Performance

• What we need is application performance rather than network performance; the two are not correlated.

• AN may cause fewer pkts to be sent, with longer per hop latencies because of increased computation and storage.

• Still overall app performance will improve, because of reduced demand for bandwidth at end-points.

Applications

• Active Networks can be beneficial for a variety of applications:

– Network Management

– Congestion Control

– Multicasting

– Caching

Congestion Control

• Prime Candidate for Active Networking

• A special case of Network Management.

• It’s an intranetwork event, hence solutions to it should be far removed from the app.

• Congestion information is delayed in propagating to the user.

AN and Congestion:

• Active Node can monitor the available bandwidth and control data flow rate accordingly.

• Probe packets can gather congestion information as they travel and Monitor packets can use the info to identify the onset of congestion and regulate the flow accordingly.

• Applications can produce congestion control data according to the situation if they are aware of it, like selective dropping.

Experimental Technologies:

• Network defines a finite set of functions which can be performed at a node on the active packets.

• Header information in each packet, called APCI, specifies the function.

• Packets are processed according to the APCI, and the header is recomputed if the function transforms the data.

• Tested using a Unit Level Dropping Function.

Experimental Technologies (contd.)

• Model is conservative, since no executable code travels in the packets. However, it is a step towards more radical changes.

• More complex models will have packets carrying code that makes on the fly routing and congestion control decisions based on information brought to the node by other packets.

• Upcoming congestion tracked and regulation done before congestion takes place.
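
The fixed-function model from the two slides above, as an added sketch that is not code from the presentation or from the work it describes: the node owns a finite function table and the packet header only selects an entry, so no code travels in packets. The field names, function ids, the default-forward rule for unknown ids and this reading of unit-level dropping (once one packet of a unit is dropped, the rest of that unit is dropped too) are assumptions.

```python
from dataclasses import dataclass

FORWARD, UNIT_DROP = 0, 1          # constructed function ids, not a real wire format


@dataclass(frozen=True)
class ActivePacket:
    func_id: int                   # header field selecting a node-defined function
    unit_id: int                   # application data unit the packet belongs to (assumed)
    payload: bytes


class ActiveNode:
    def __init__(self, queue_limit):
        self.queue_limit = queue_limit
        self.queue = []
        self.dropped_units = set()
        # Finite table owned by the node: packets choose a function, never supply one.
        self.functions = {FORWARD: self._forward, UNIT_DROP: self._unit_drop}

    def _forward(self, pkt):
        """Plain tail-drop forwarding: accept unless the output queue is full."""
        if len(self.queue) >= self.queue_limit:
            return False
        self.queue.append(pkt)
        return True

    def _unit_drop(self, pkt):
        """Drop the remainder of any unit that has already lost a packet here."""
        if pkt.unit_id in self.dropped_units:
            return False
        if not self._forward(pkt):
            self.dropped_units.add(pkt.unit_id)
            return False
        return True

    def receive(self, pkt):
        # An unknown function id falls back to passive forwarding (assumption).
        handler = self.functions.get(pkt.func_id, self._forward)
        return handler(pkt)
```

Because the table is fixed, the node's attack surface is the set of functions it ships with; the header can misuse a function but cannot add one.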

Multicasting

• Current “passive” schemes provide only a partial solution to the problems of NACK implosion, load of retransmissions, and duplication of packets.

• Active Reliable Multicast deals with these problems efficiently by storing a soft state and performing customized computation based on packet types.

• Note that not all nodes need to be active for ARM to work. So an ActiveBONE similar to MBONE will work.

Active Reliable Multicast

• Local retransmission handled by caching the multicast packets which reduces both latency and traffic.

• Active router maintains a NACK record and a repair record to perform NACK suppression and scoped retransmission.

• Flexible and robust as active routers do not need knowledge of group topology.

• Results show ARM has lower recovery latency than passive schemes.
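
How the NACK record, repair record and packet cache described above can interact at one router, as an added sketch that is not the ARM implementation. The link names, return values and the absence of timers are assumptions; real soft state expires, which also bounds how much memory NACK traffic can pin at a node.

```python
from collections import OrderedDict


class ArmRouter:
    def __init__(self, cache_size=2):
        self.cache = OrderedDict()   # seq -> payload, best-effort cache of multicast data
        self.cache_size = cache_size
        self.nack_record = {}        # seq -> downstream links waiting for a repair
        self.repair_record = {}      # seq -> links a repair was already sent on

    def on_data(self, seq, payload):
        """Cache a passing data packet, evicting the oldest entry when full."""
        self.cache[seq] = payload
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)

    def on_nack(self, seq, link):
        """Decide what to do with a NACK for `seq` arriving from downstream `link`."""
        if link in self.repair_record.get(seq, ()):
            return ("suppress", None)             # this link was already repaired
        if seq in self.cache:
            # Local retransmission: answer from the cache, only on the asking link.
            self.repair_record.setdefault(seq, set()).add(link)
            return ("local_repair", link)
        first = seq not in self.nack_record
        self.nack_record.setdefault(seq, set()).add(link)
        # Only the first NACK per packet travels upstream; later ones are absorbed.
        return ("forward_upstream", None) if first else ("suppress", None)

    def on_repair(self, seq, payload):
        """A repair arrives from upstream: send it only on links that asked."""
        self.on_data(seq, payload)
        links = self.nack_record.pop(seq, set())
        self.repair_record.setdefault(seq, set()).update(links)
        return sorted(links)
```

The router needs no view of the group topology: every decision uses only the link a packet arrived on and the two records.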

Active Network Architectures

• Some architectures carry executable code in the packets; the code is executed on the data of the packet that carries it.

• Others place code in the active nodes. Identifiers on the packets are used to decide which code is executed.

Active IP Option:

• Active Packets approach.

• Extension to IP Options mechanism.

• Option to carry program fragments in a variety of languages. And to query the languages supported.

• Backward compatibility ensured since unknown options are silently ignored.

• Implementation in TCL, to take advantage of TCL interpreter’s restricted execution environment.

ANTS

• Active Nodes approach.

• Network viewed as a distributed programming system. Packets travel as capsules carrying code.

• Some code is comprised of well-known routines that reside at every active node.

• Rest of the application specific code is transferred by mobile code distribution techniques.

ANTS

• Provides a flexible network service. Default forwarding. New protocols can also be introduced into the network.

– Simultaneous use of a variety of network protocols

– Construction and use of new protocols by mutual agreement among interested parties, rather than their centralized registration.

– Dynamic deployment of these protocols.

Security

• An active packet could not only consume many resources, but consume them at a faster rate.

• Denial of service attacks may occur if there is no resource management.

• SANE, a layered architecture proposed at the University of Pennsylvania, addresses these issues.
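
One generic form of the resource management this slide calls for, as an added sketch that is not SANE, PLAN or ANTS code: every capsule carries a budget, each node visit and each operation is charged against it, and forked copies share what is left, so a capsule that replicates at every hop still causes a bounded number of executions. The op names and the cost model are assumptions.

```python
HOP_COST = 1                       # assumed charge for being processed at one node


class CapsuleRejected(Exception):
    pass


class Capsule:
    def __init__(self, program, budget):
        self.program = program     # list of (op, arg) tuples carried by the packet
        self.budget = budget       # resource units granted when the capsule is injected

    def charge(self, cost):
        if cost > self.budget:
            raise CapsuleRejected(f"needs {cost}, has {self.budget}")
        self.budget -= cost


def run_at_node(capsule):
    """Execute one capsule at one node and return the child capsules it emits."""
    children = []
    try:
        capsule.charge(HOP_COST)
        for op, arg in capsule.program:
            if op == "compute":
                capsule.charge(arg)               # arg = processing steps requested
            elif op == "fork" and arg >= 1:
                # Children split the remaining budget; forking never creates budget.
                share = capsule.budget // arg
                capsule.budget = 0
                if share >= HOP_COST:
                    children = [Capsule(capsule.program, share) for _ in range(arg)]
            else:
                raise CapsuleRejected(f"unsupported op {op!r}")
    except CapsuleRejected:
        return []                                 # discard the capsule, node keeps running
    return children


def flood(program, budget):
    """Run a capsule and all its descendants; return the number of node executions."""
    pending, executions = [Capsule(program, budget)], 0
    while pending:
        executions += 1
        pending.extend(run_at_node(pending.pop()))
    return executions
```

Since every execution consumes at least `HOP_COST` from a pool that only shrinks, `flood` can never report more executions than the budget the capsule was injected with.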

Architecture of ANTS

• The requirements for a flexible network layer are met by having:

– Packets replaced by capsules, which dictate the processing to be performed on their behalf.

– Selected routers replaced by active nodes, which provide an API for capsule processing and execute those routines safely.

– A code distribution mechanism to enable active nodes to download code when needed.

SANE Architecture

• A computer system is organized as a series of layers, each of which defines a virtual machine.

• Higher levels trust the integrity of the lower layers.

• Uses AEGIS, a secure bootstrap architecture to cold-start the system.

• Assumes a PKI Infrastructure for node to node authentication.

• Uses a special programming language, PLAN, which is statically type checked and is pointer safe.

Current Work

• SANE at University of Pennsylvania.

• Georgia Tech: congestion control.

• Bowman, an OS for Active Nodes.

• ARM and active Router Architecture for Multicasting.

Conclusions

• Definitely an exciting step in network design.

• Can potentially solve many of the current problems in passive networks, with a wide application range.

• Will increase the pace of innovation, through rapid deployment and testing of new research.

• However, most of the current implementations haven’t been deployed on a large-scale net.

• Security requirements are enormous!