Management Approaches to AN: Trends and Outlook - SENCOMM Case Study, Smart Environment for Network...
Post on 18-Dec-2015
Management Approaches to AN: Trends and Outlook
SENCOMM Case Study: Smart Environment for Network Control, Monitoring and Management
2002. 5. 9
Mi-Ja Lee, Ki-Joon Chae
Ewha Womans University
IC & NS Lab.

Contents
• Introduction
  • Motivation
  • SENCOMM Project
  • Applications
  • Goals
  • Requirements
• SENCOMM Overview
• Implementation
• Conclusion
• References

Introduction (1/5): Motivation
The Internet will provide numerous services to a variety of devices across huge, heterogeneous, topologically complex and politically diverse autonomous systems.
The size, topological complexity, and heterogeneity of the current Internet is overwhelming current network management protocols and toolkits.
The tools and protocols necessary for network control, monitoring and management have historically lagged behind the rate of development of other network applications.

Introduction (2/5): SENCOMM Project
• Architecture phase: Sep. 1999 – Mar. 2000
• Implementation phase: Mar. 2000 – Sep. 2000
• Application phase: Oct. 2000 – Sep. 2001
• Final demonstration and documentation phase: Oct. 2001 – Feb. 2002
Alden W. Jackson, James P.G. Sterbenz, Matthew N. Condell, Regina Rosales Hain …..
Internetwork Research, BBN Technologies, Verizon, Cambridge, Mass.
Acknowledgement
• ISI’s ASP and aboneshell developers
• SRI’s ABone support team
• Leonid Poutievsky, U Kentucky
• Livio Ricciulli, Metanetworks

Introduction (3/5): Applications
Representative SENCOMM Applications
• Active Persistent Traceroute
• Multicast Monitoring
• Resource Discovery
• Multicast/Concast Remote Ping
• Multicast Tree Core Maintenance
• Event Processing

Introduction (4/5): General Management Goals
• Management of Active Network
• Dynamic Deployment and Adaptation
• Applications-Controlled Management
• Automation of Problem Detection and Resolution

Introduction (5/5): General Requirements
• Packet Delivery
• Heterogeneous network
• Packet Receipt
• Message Size
• MIB Access
• Persistent Storage
• Distributed Time Service
• Secure Management

SENCOMM Overview
Smart Environment for Network Control, Monitoring and Management (SENCOMM)
Major components :
• SENCOMM Management Execution Environment (SMEE)
• Smart Probes (SPs)
• Loadable Libraries (LLs)
• Management API
Smart packets :
• Transporting SENCOMM Smart Probes
• Installing Loadable Libraries
• Exchanging Control and Security Messages

SENCOMM Architecture
[Figure: SENCOMM architecture; labels: ASP, SMEE, smart probes, loadable libraries, NodeOS, fast forwarding, EEs, smart packet]

Smart Packets
Previous DARPA Active Networks project at BBN (N66001-96-C-8517)
Added a flexible and rich programming environment to network management and diagnostic packets
Four part architecture:
• Format and Encapsulation of Smart Packets (ANEP and IPv4/v6 Router Alert)
  ※ ANEP : Active Network Encapsulation Protocol
• Specification of a high level language (Sprocket) and its tightly-encoded assembly language (Spanner)
• Virtual Machine (VM)
• Security Architecture

SENCOMM Management EE (1/2)
Two Primary Functions
• provide the EE for smart probes
• active node management, including other EEs and the NodeOS (responsibility may lie with or be shared with NodeOS)
Active Network Management
• in addition to access to MIB-2 information, SMEE requires
  • notification of status changes in network interfaces and kernel routing table
  • access to router configuration
• direct access to NodeOS abstractions
  • flows, channels (in/out/cut), file system
  • enhanced packet filtering, copying, and handling

SENCOMM Management EE (2/2)
Active Node Management
• Additional SMEE capabilities to manage active node [not the focus of SENCOMM]
  • modify status, attributes, and configuration of each EE
  • modify NodeOS to affect memory and thread pools
  • modify channel attributes to affect filters, pools, BW/QoS
  • evaluate filter requests for overlap
• At boot, SMEE is automatically loaded
  • other EEs can be loaded, certificates retrieved, …
• Management of other EEs and AAs via inter-EE API
EE Requirement

Smart Probes
Programs that perform management functions
SP Requirements
• Operation after Packet forwarded
• Globally Unique Name
• Single datagram
• Access to Loadable Libraries
• Hibernate until occurrence of registered event
• Soft-state can determine life of probe
• Encapsulated in ANEP datagram
• Transported using UDP/IP or TCP/IP
[Figure labels: smart probes, loadable libraries, SMEE, NodeOS]

Loadable Libraries
Classes and methods used by one or more smart probes
• similar to UNIX shared libraries
LL Requirements
• Sharable
• Dynamically Loadable
• Globally Unique Name
• Version Number
• Separation of State
• Sharable State
[Figure labels: smart probes, loadable libraries, SMEE]

Management API for EEs and AAs
SMEE access to EEs
Mechanism
• EEs provide LL of function wrappers to internal management functions
• Wrappers provide interface for smart probes
• Probe calls function in the EE
[Figure labels: EEs, smart probes, loadable library, SMEE, NodeOS, AA]

SENCOMM Implementation
• Implementation Environment
• SMEE Implementation
• Management Interfaces and APIs
• SENCOMM Packet Formats

SENCOMM release v0.8.1 (8/14/2001)
[Figure: release directory tree; names shown: protocol, anep, doc, smaas, smee, tcpdump, multicast, librarytest, snmp, smeetool, nettool, statetest, userguide, design, architecture, docs, probeguide, tools, spapi, lbl, linux-include, net, netinet, sys]

Implementation Environment (1/3): Language
Requirements
• widely used by community
• enable deployment on multiple platforms
• minimize software maintenance issues
Candidates evaluated
• BBN Spanner/Sprocket (Smart Packets project)
• INRIA/UPenn CAML (PLAN project)
• C/C++ (CANES project)
• JAVA (SENCOMM)
JAVA chosen for SENCOMM

Implementation Environment (2/3): NodeOS
Requirements
• actively being developed
• multi-platform support
Candidates installed and evaluated
• GaTech/UKy/UMd Bowman (CANES)
• Utah Janos
• anetd for ABone compatibility
Janos + anetd chosen for SENCOMM

Implementation Environment (3/3): Execution Environment
Requirements
• Java-based
• supported on the ABone
• supports SENCOMM requirements
Candidates installed and evaluated
• GaTech/UKy CANES
• Utah/MIT Janos’ ANTS EE
• USC/ISI ASP
ASP chosen for SENCOMM

Active Node Architecture in ASP
[Figure: active node architecture in ASP; label: SMEEBase]
ASP : Active Signaling Protocol

SMEE in ASP
Benefits
• yet another EE development effort not needed
  • ASP is a control plane EE
  • ASP filtering
  • AA code serving
  • RDP implementation
• focus on implementing monitoring and control
• easily deployable
Challenges
• continual integration effort as ASP evolves
• coordinating features in ASP for management (resources, privileges, low level I/O)

Modifications to ASP
Functionality added to
• give SMEE additional privileges
• allow probes to use different versions of same library without namespace clashes
  • per probe classloader
ASP implemented thread library for resource protection
  • reasonable convention for code we developed
  • problematic for third party code using Java threads (without sources)

Active Network Architecture
Anetd performs the demultiplexing, EE loading and packet filtering functions for active nodes in the ABone. The ASP EE operates with anetd and is installed on core ABone routers as a permanent EE.

SENCOMM Env. in the ABONE (1/2)
The current SENCOMM environment
• Runs as an active application in the ASP environment.
• The ASP environment can run as a permanent execution environment in the ABONE.
• Anetd v1.6.3 (six Anetd accounts) / Anetd v2 (seven)
[Figure: Anetd accounts and directories; labels: anpub, anee1, anee2, anee3, anee4, anee5, ad, etc, var, exe, IP add, Config file, abocc]

SENCOMM Env. in the ABONE (2/2)
Running the ASP EE
• Follow the instructions on joining the ABONE at http://www.isi.edu/abone
• Ask the ABOCC to add the keys and any web servers
• Get a copy of the AboneShell program from http://www.isi.edu/bone/AboneShell.html
• Start the AboneShell and make sure that the host and user arguments have been set properly.
• ASP EE configuration files now need to be loaded onto the various ABONE hosts.
• Finally, ASP EE can be loaded either within the AboneShell or using the sc command.

ABone Initialization
[Figure: ABone nodes son.isi.edu, d03.csl.sri.com, dart.bbn.com, www.ir.bbn.com, core-abone-bos1]
• Load ASP on all nodes
• Private copy of ASP on www.ir.bbn.com
• Aboneshell used to load and run under anee1
• Integration into ASP release will allow SMEE to run in permanent ASP EEs

SMEE Implementation (1/8): Smart Probe (1/5)
Naming and Dynamic Loading
• Globally unique names
  • SENCOMM : Smart Probes, Loadable Libraries
  • ASP : Active Application (AA)
• Smart Probes named by:
  • Context ID
  • Serial Number
  • Source’s IP address
  SENCOMM common header
• Smart probes may be loaded into the SMEE using the class loader.

SMEE Implementation (2/8): Smart Probe (2/5)
Application Isolation
• SENCOMM : Smart Probes are isolated from each other
• ASP EE : Data isolated between running applications
Control of Network I/O
• Access to incoming packets
  • NodeOS : InChannel
  • ASP EE : Network channel (Nchannel)
• Complete access and control
  • SMEE Inchannel for full arbitrary filtering
  • SMEE Outchannel for specification of output path

SMEE Implementation (3/8): Smart Probe (3/5)
Soft State
• State Storage Mechanism (State Containers)
• SENCOMM :
  • Soft State Mechanism
  • Extends the mechanism to allow probes the option of sharing state with other probes.
  • Provides an ASP state container that can be accessed by all probes and libraries.
• ASP state containers :
  • Support soft state within a single smart probe
  • Ensure that the state is kept isolated from other probes.

SMEE Implementation (4/8): Smart Probe (4/5)
User API
• Required to launch smart probes into the network
  • ASP :
    - uses a user API to build AAspecs,
    - forward AAspecs to an ASP EE
  • SENCOMM smart probes :
    - contain active code,
    - do not need a reference path as ASP packets do
• SENCOMM requires a user API that includes the ability to specify the smart probe
  • Initialization data
  • The identity of the user
  • A method to send SENCOMM packet to the SMEE
  • Monitor the channel for message from this smart probe
• CLI (command line interface) or GUI

SMEE Implementation (5/8): Smart Probe (5/5)
MIB Access
• SENCOMM
  • Access to MIB data on managed active node.
• The core of SENCOMM :
  • Will not include a general SNMP interface usable for managing other nodes via native SNMP queries.
• Access provided by loadable library
  • Loaded at SMEE startup by default
  • Possibly based on the AdventNet SNMPv3 API for Java

SMEE Implementation (6/8): Loadable Library : ASP Based
SMEE loadable code: Library / ASP loadable code: AA
Dynamic Library Loading
• Java's class loader
• Class loader per smart probe / unlike ASP with one class loader
  • Different probes can use different versions of same library
  • Not have ASP AA search path problems
Naming
• LLs use a URN to form unique names.
• LL names provide more information about libraries than AA names in ASP
• Dynamic name binding (ASP) does not provide any benefit for naming libraries (SENCOMM).
• SENCOMM URLs : to locate libraries / ASP AAspec: search path

SMEE Implementation (7/8): Loadable Library : Beyond ASP
Library Naming
• SENCOMM LLs : new scheme id, naming syntax
  • Compatible with the URN syntax described in RFC2141, RFC2396
• Loadable Libraries named using URN (Uniform Resource Name) which indicates:
  • Naming Authority
  • Library Name
  • Version Number

SMEE Implementation (8/8): SMEE and Anetd
SMEE :
• Will be compatible with anetd (and netiod) on the ABone
• Will interface with anetd to provide software management services to smart probes
• Will be a client of anetd for these services
Anetd :
• Deployment and control of EE in the active node
• Demultiplex active packets to the EEs running on the active node.
• Download the SMEE to a node to be managed
• Start the EE

Writing a Probe in the SENCOMM Env.
To successfully run a probe
• Launching Application (launcher)
  • prepares the probe so that it can be sent around the network
  • SendProbe : smaas/SendProbe.java
  • SendSnmpNetstat : smaas/snmp/SendSnmpNetstat.java
• Probe : actually executed code in a SENCOMM environment.
• environment and probes : using JAVA JDK 1.2.2 environment on FreeBSD and Linux

Writing a Probe in the SENCOMM Env.
• BroascastPing
• WalkingPing
• RemoteLiveTest
• SnmpGet
• SnmpSet
• SnmpGetTable
• SnmpGetProtoStats
• SnmpGetNext
• SendSnmpApp
• GetRunningProbes
• ResidentPing
• SendKillPing

Broadcast
[Figure: ABone nodes core-abone-bos1, son.isi.edu, d03.csl.sri.com, dart.bbn.com, www.ir.bbn.com]
• multinode parallel remote liveness test (formerly known as ping)

Walking a Circuit and Processing
[Figure: ABone nodes core-abone-bos1, son.isi.edu, d03.csl.sri.com, dart.bbn.com, www.ir.bbn.com]
• follow source route and reply on success
• template for deployment of updates, or new functionality

Remote Node State via SNMP
[Figure: ABone nodes core-abone-bos1, son.isi.edu, dart.bbn.com, www.ir.bbn.com, d03.csl.sri.com]
• illustrates use of loadable libraries
• communicates to both standard and Livio’s snmpd

Management Interfaces and APIs (1/2): Inter-EE Protocol
• SENCOMM is not a defined API between the SMEE and the managed EEs.
• ASP provides an interface for AAs to communicate.
• SENCOMM defines protocol that EEs may opt to use
  • protocol messages sent using NodeOS channels
  • managed EEs provide LL with management functions
  • functions translate calls to/from protocol packets and return any reply data
• May identify functions for managed EEs to implement

Management Interfaces and APIs (2/2): Inter-EE Protocol Packet Format
Packet Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version |R|E| Flags | Serial Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ID of function | Number of Arguments |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Argument Length | Argument Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Argument Value (continued) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Additional argument length and values ~
~ : ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Argument Length | Argument Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Argument Value (continued) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
R=0 : call, R=1 : return

SENCOMM Packet Formats (1/8)
SENCOMM Message Encapsulation
+------+-------------+-------+-----------+
|  IP  |  UDP / TCP  | ANEP  |  SENCOMM  |
+------+-------------+-------+-----------+
ANEP header format
 0                               16                           31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Version = 1  |   Flags = 0   |         Type ID = 25          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      ANEP Header Length       |      ANEP Packet Length       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
~                            Options                            ~
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
~                            Payload                            ~
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
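An added example, not code from SENCOMM or from the original slides: a receiver-side check of the ANEP header above before the SENCOMM payload is handed on. The 8/8/16/16/16-bit field widths, the header length counted in 32-bit words and the option layout (2-bit flags, 14-bit type, 16-bit length in words) are taken from the ANEP specification rather than this page; `parse_anep`, `build_anep` and `verdict` are hypothetical names, and the sample datagrams are constructed.

```python
import struct

ANEP_VERSION = 1       # slide: Version = 1
SENCOMM_TYPE_ID = 25   # slide: Type ID = 25
FIXED_WORDS = 2        # two 32-bit words precede any options


class AnepError(ValueError):
    """Raised when a datagram fails ANEP header validation."""


def parse_anep(datagram: bytes) -> dict:
    """Validate the ANEP header; return flags, options and the SENCOMM payload."""
    if len(datagram) < FIXED_WORDS * 4:
        raise AnepError("truncated fixed header")
    version, flags, type_id, hdr_words, pkt_len = struct.unpack_from("!BBHHH", datagram)
    if version != ANEP_VERSION:
        raise AnepError(f"unsupported version {version}")
    if type_id != SENCOMM_TYPE_ID:
        raise AnepError(f"type id {type_id} is not SENCOMM")
    hdr_len = hdr_words * 4  # header length is counted in 32-bit words
    if hdr_words < FIXED_WORDS or hdr_len > pkt_len:
        raise AnepError("header length inconsistent with packet length")
    if pkt_len > len(datagram):
        raise AnepError("packet length exceeds received bytes")

    options, off = [], FIXED_WORDS * 4
    while off < hdr_len:
        flg_type, opt_words = struct.unpack_from("!HH", datagram, off)
        opt_len = opt_words * 4  # includes the 4-byte type/length word itself
        # A zero length would never advance 'off'; an oversized one would
        # read past the header into the payload.
        if opt_words < 1 or off + opt_len > hdr_len:
            raise AnepError("option length out of bounds")
        options.append((flg_type & 0x3FFF, datagram[off + 4:off + opt_len]))
        off += opt_len
    # Bytes after pkt_len are ignored rather than passed to the EE.
    return {"flags": flags, "options": options, "payload": datagram[hdr_len:pkt_len]}


def build_anep(payload: bytes, options=()) -> bytes:
    """Build a sample datagram (constructed input, not captured traffic)."""
    opt_bytes = b""
    for opt_type, value in options:
        if len(value) % 4:
            raise ValueError("option value must be a multiple of 4 bytes")
        opt_bytes += struct.pack("!HH", opt_type & 0x3FFF, 1 + len(value) // 4) + value
    hdr_words = FIXED_WORDS + len(opt_bytes) // 4
    total = hdr_words * 4 + len(payload)
    header = struct.pack("!BBHHH", ANEP_VERSION, 0, SENCOMM_TYPE_ID, hdr_words, total)
    return header + opt_bytes + payload


def verdict(datagram: bytes) -> str:
    """Return an accept/drop decision as a receiver might log it."""
    try:
        return f"accept, {len(parse_anep(datagram)['payload'])} payload bytes"
    except AnepError as exc:
        return f"drop: {exc}"


if __name__ == "__main__":
    good = build_anep(b"probe-bytes", [(1, b"\x00\x00\x00\x01")])  # constructed
    zero_opt = struct.pack("!BBHHH", 1, 0, 25, 3, 12) + struct.pack("!HH", 1, 0)
    for name, dgram in [("good", good), ("truncated", good[:-1]),
                        ("zero-length option", zero_opt)]:
        print(f"{name}: {verdict(dgram)}")
```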

SENCOMM Packet Formats (2/8)
SENCOMM message is encapsulated in ANEP packet (TID=25)
Common SENCOMM Header : packet types, reliable transport fields
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Type ID | Context ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Serial Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|A|B|E| segment Sequence Number | Stream ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Sequence Number ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Origin Address ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Sub-Header ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type ID =
1 : Probe
2 : Library
3 : Message
4 : Certificate Query
5 : Library Query

SENCOMM Packet Formats (3/8)
Probe Sub-header (Type ID = 1)
contains executable code (single datagram)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Language Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Payload ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Language Type :
1 → Java
2 → Spanner
3 → Sprocket

SENCOMM Packet Formats (4/8)
Library Sub-header (Type ID = 2)
contains name and code for a Loadable Library
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Language Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name Length | Version |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Name ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Library ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Language Type :
1 → Java
2 → Spanner
3 → Sprocket

SENCOMM Packet Formats (5/8)
Message Sub-header (Type ID = 3)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Msg-Type | Reserved | Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Msg-Type
1 → Ack : sequence number
2 → Certificate Reply : a requested certificate
3 → Data : data from the execution of a smart probe
4 → Status : status of an executing smart probe

SENCOMM Packet Formats (6/8)
Certificate Query Sub-header (Type ID = 4)
requests certificate for principal signed by CA
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cert_type | Identity_type | Authority_type| RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Identity ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Certificate Authority ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Cert_type
1 → PKCS7 √
2 → PGP Certificate √
3 → DNS Signed Key
4 → X.509 Certificate - Signature
5 → X.509 Certificate – Key Exchange
6 → Kerberos Tokens
7 → SPKI Certificate
Identity_type
1 → IPV4_ADDR
2 → IPV6_ADDR
3 → DNS Name
4 → X.500 Distinguished Name

SENCOMM Packet Formats (7/8)
SENCOMM Packet Processing (1/2)
Reliable Protocol Processing
• Sender : B bit/E bit, using Segment Sequence Number
• Receiver : Ack/Sequence Number plus 1 Packet received
• Modification to the Receiver Ack Generation
• Fragment SENCOMM Packets
• Reliable Delivery Mechanism : ASP→RDP/VNET
Probe Processing (v=1, tid=1)
• Probe Packets carry executable code.
• Sending/Receiving : ContextID/Serial Number/Origin Address
Library Processing (v=1, tid=2)
• Library Packets carry Loadable Libraries.
• Sending : ContextID/Serial Number/Origin Address
• Receiving : Name/Version

SENCOMM Packet Formats (8/8)
SENCOMM Packet Processing (2/2)
Certificate Query Processing (v=1, tid=4)
• Certificate query messages carry requests for security certificates.
• Sending : ContextID/Serial Number/Origin Address Identity/Certificate Authority/CertType
• Receiving : Identity/Certificate Authority/CertType
Message Processing (v=1, tid=3)
• Message Packets carry data, status, and error messages from a smart probe to a specified network management device.
• Messages also return certificates in response to certificate query messages.
• Sending : ContextID/Serial Number/Origin Address Certificate reply message/Data message/status message
• Receiving : Certificate reply message/Data message/status message

Conclusions
• SENCOMM-based Management Tools available to any team performing a demonstration
• ASP use and modification for SENCOMM
• ABone management and demonstrations
Future works
• Inter-EE Communication
• Communication Security Services
• Potential Monitoring and Management Applications
  • ABone Management, RMON+, SNMP-based Control, Multicast/Concast of Probes ……

References
• Alden W. Jackson, James P.G. Sterbenz, Matthew N. Condell, David J. Waitzman, “SENCOMM Architecture”, Technology Document of BBN Tech., April 2000.
• Matthew N. Condell and Regina Rosales Hain, “SENCOMM Programmer’s API”, Technology Document of BBN Tech., April 2001.
• Matthew N. Condell and Regina Rosales Hain, “Writing a Probe in the SENCOMM Environment”, Technology Document of BBN Tech., April 2001.
• Matthew N. Condell and Regina Rosales Hain, “User’s Guide to the SENCOMM Environment in the ABONE”, Technology Document of BBN Tech., April 2001.
• Bob Braden, Alberto Cerpa, Ted Faber, Bob Lindell, Graham Phillips, Jeff Kann, Vivek Shenoy, “Introduction to the ASP Execution Environment”, Technology document of USC/ISI, November 2001.
• Relevant technical documentations and slides …… http://www.ir.bbn.com/projects/sencomm/