an 의 관리적인 접근동향 및 전망 : sencomm case study smart environment for network...

ANAN 의 관리적인 접근동향 및 전망 의 관리적인 접근동향 및 전망 ::

SENCOMM Case Study SENCOMM Case Study SSmart mart EEnvironment for nvironment for NNetwork etwork CoControl, ntrol, MMonitoring and onitoring and MManagementanagement

2002. 5. 9

Mi-Ja Lee, Ki-Joon Chae

Ewha Womans University

[email protected], [email protected]

2IC & NS Lab.IC & NS Lab.

ContentsContents

Introduction Motivation SENCOMM Project Applications Goals Requirements

SENCOMM Overview

Implementation Conclusion References


IntroductionIntroduction (1/5) (1/5)MotivationMotivation

The Internet will provide numerous services to a variety of devices across huge, heterogeneous, topologically complex and politically diverse autonomous systems.

The size, topological complexity, and heterogeneity of current Internet is overwhelming current network management protocols and toolkits.

The tools and protocols necessary for network control, monitoring and management have historically lagged behind the rate of development of other network applications.


Introduction Introduction (2/5)(2/5) SENCOMM Project SENCOMM Project

Architecture phase : Sep. 1999 – Mar. 2000 Implementation phase: Mar. 2000 – Sep. 2000 Application phase: Oct. 2000 – Sep. 2001 Final demonstration and documentation

phase : Oct. 2001 – Feb. 2002

Alden W. Jackson, James P.G. Sterbenz,

Matthew N. Condell, Regina Rosales Hain …..Internetwork Research, BBN Technologies, Verizon, Cambridge, Mass.

AcknowledgementISI’s ASP and aboneshell developersSRI’s ABone support team

Leonid Poutievsky, U KentuckyLivio Ricciulli, Metanetworks


Introduction Introduction (3/5)(3/5)ApplicationsApplications

Representative SENCOMM Applications Active Persistent Traceroute Multicast Monitoring Resource Discovery Multicast/Concast Remote Ping Multicast Tree Core Maintenance Event Processing


Introduction Introduction (4/5)(4/5)General Management GoalsGeneral Management Goals

Management of Active Network Dynamic Deployment and Adaptation Applications-Controlled Management Automation of Problem Detection and

Resolution


Introduction Introduction (5/5)(5/5) General RequirementsGeneral Requirements

Packet Delivery Heterogeneous network Packet Receipt Message Size MIB Access Persistent Storage Distributed Time Service Secure Management


SENCOMM OverviewSENCOMM Overview

Smart Environment for Network Control, Monitoring and Management(SENCOMM)

Major components : SENCOMM Management Execution Environment(SMEE) Smart Probes(SPs) Loadable Libraries(LLs) Management API

Smart packets : Transporting SENCOMM Smart Probes Installing Loadable Libraries Exchanging Control and Security Messages


AS

P

SMEE

smartprobes

loadablelibraries

NodeOS

fast forwarding

EEs

smart packetsmart packet

SENCOMM ArchitectureSENCOMM Architecture


Smart PacketsSmart Packets

Previous DARPA Active Networks project at BBN (N66001-96-C-8517)

Added a flexible and rich programming environment to network management and diagnostic packets

Four part architecture: Format and Encapsulation of Smart Packets

(ANEP and IPv4/v6 Router Alert) ※ ANEP : Active Network Encapsulation Protocol specification of a high level language (Sprocket) and

its tightly-encoded assembly language (Spanner) Virtual Machine(VM) Security Architecture


SSENCOMM ENCOMM MManagement anagement EEEE (1/2)(1/2)

Two Primary Functions provide the EE for smart probes active node management, including other EE’s and the NodeOS (re

sponsibility may lie or share with NodeOS)

Active Network Management in addition to access to MIB-2 information, SMEE requires

• notification of status changes in network interfaces and kernel routing table

• access to router configuration direct access to NodeOS abstractions

• flows, channels (in/out/cut), file system• enhanced packet filtering, copying, and handling


SSENCOMM ENCOMM MManagement anagement EEEE (2/2)(2/2)

Active Node Management Additional SMEE capabilities to manage active node

[not the focus of SENCOMM]

• modify status, attributes, and configuration of each EE

• modify NodeOS to affect memory and thread pools

• modify channel attributes to affect filters, pools, BW/QoS

• evaluate filter requests for overlap At boot, SMEE is automatically loaded

• other EEs can be loaded, certificates retrieved, … Management of other EEs and AAs via inter-EE API

EE Requirement


Programs that perform management functions

SP Requirements Operation after Packet forwarded Globally Unique Name Single datagram Access to Loadable Libraries Hibernate until occurrence of

registered event Soft-state can determine life of

probe Encapsulated in ANEP

datagram Transported using UDP/IP or TCP/IP

SSmart mart PProbesrobes

smartprobes

loadablelibraries

SMEE

NodeOS


Classes and methods used by one or more smart

probes similar to UNIX shared

libraries LL Requirements

Sharable Dynamically Loadable Globally Unique Name Version Number Separation of State Sharable State

LLoadable oadable LLibrariesibraries

smartprobes

loadablelibraries

SMEE


Management Management APIAPI for EEs and for EEs and AAsAAs

SMEE access to EEs Mechanism

EEs provide LL of function wrappers to internal management functions

Wrappers provide interfacefor smart probes

Probe calls function in the EE

EEs

smartprobes

loadablelibrary

SMEE

NodeOS

AA


SENCOMM ImplementationSENCOMM Implementation

Implementation Environment SMEE Implementation Management Interfaces and APIs SENCOMM Packet Formats


SENCOMM release v0.8.1SENCOMM release v0.8.1(8/14/2001)

protocol

anepanep docdoc smaassmaas smeesmee tcpdumptcpdump

multicast

librarytest

snmp

smeetool

nettool

statetest

userguide

design

architecture

docs

probeguide

tools

spapi

lbl

linux-include

net

netinet

sys


Implementation Environment Implementation Environment (1/3)(1/3)

LanguageLanguage Requirements

widely used by community enable deployment on multiple platforms minimize software maintenance issues

Candidates evaluated BBN Spanner/Sprocket (Smart Packets

project) INRIA/UPenn CAML (PLAN project) C/C++ (CANES project) JAVA (SENCOMM)

JAVA chosen for SENCOMM


Implementation Environment Implementation Environment (2/3)(2/3)NodeOSNodeOS

Requirements actively being developed multi-platform support

Candidates installed and evaluated GaTech/UKy/UMd Bowman (CANES) Utah Janos anetd for ABone compatibility

Janos + anetd chosen for SENCOMM


Implementation Environment Implementation Environment (3/3) Execution Environment(3/3) Execution Environment

Requirements Java-based supported on the ABone supports SENCOMM requirements

Candidates installed and evaluated GaTech/UKy CANES Utah/MIT Janos’ ANTS EE USC/ISI ASP

ASP chosen for SENCOMM


Active Node Architecture in Active Node Architecture in ASPASP

SMEEBase

ASP : Active Signaling Protocol


SMEE in ASPSMEE in ASP

Benefits yet another EE development effort not needed

• ASP is a control plane EE• ASP filtering• AA code serving• RDP implementation

focus on implementing monitoring and control easily deployable

Challenges continual integration effort as ASP evolves coordinating features in ASP for management

(resources, privileges, low level I/O)


Modifications to ASPModifications to ASP

Functionality added to give SMEE additional privileges allow probes to use different versions of

same library without namespace clashes

•per probe classloader ASP implemented thread library for

resource protection

•reasonable convention for code we developed

•problematic for third party code using Java threads (without sources)


Active Network ArchitectureActive Network Architecture

Anetd performs the demultiplexing, EE loading and packet filtering functions for active nodes in the ABone.The ASP EE operates with anetd and is installed on core ABone routers as a permanent EE.


SENCOMM Env. In the ABONE SENCOMM Env. In the ABONE (1/2)(1/2)

The current SENCOMM environment Runs as an active application in the ASP environment. The ASP environment can run as a permanent execution enviro

nment in the ABONE. Anetd v1.6.3(six Anetd accounts)/Anetd v2(seven)

anpub anee5anee1 anee2 anee3 anee4

ad etc var

exe IP addConfig file

abocc


SENCOMM Env. In the ABONE SENCOMM Env. In the ABONE (2/2)(2/2)

Running the ASP EE Follow instruction on joining the ABONE at http://www.isi.edu/ab

one Ask the ABOCC to add the keys and any web servers Get a copy of the AboneShell program from http://www.isi.edu/b

one/AboneShell.html Start the AboneShell and make sure that the host and user argu

ments have been set properly. ASP EE configuration files now need to be loaded onto the variou

s ABONE hosts. Finally, ASP EE can be loaded either within the AboneShell or usi

ng the sc command.


ABone InitializationABone Initialization

son.isi.edu

d03.csl.sri.com

dart.bbn.com

www.ir.bbn.com

core-abone-bos1

Load ASP on all nodes Private copy of ASP on w

ww.ir.bbn.com Aboneshell used to load

and run under anee1 Integration into ASP relea

se will allow SMEE to run in permanent ASP EEs


SMEE Implementation SMEE Implementation (1/8)(1/8)Smart Probe Smart Probe (1/5)(1/5)

Naming and Dynamic Loading Globally unique names

• SENCOMM : Smart Probes, Loadable Libraries

• ASP : Active Application(AA)

Smart Probes named by:• Context ID

• Serial Number

• Source’s IP address

SENCOMM common header

Smart probes may be loaded into the SMEE using the class loader.



Application Isolation SENCOMM : Smart Probes are isolated from each other ASP EE : Data isolated between running applications

Control of Network I/O Access to incoming packets

• NodeOS : InChannel• ASP EE : Network channel (Nchannel)

Complete access and control• SMEE Inchannel for full arbitrary filtering• SMEE Outchannel for specification of output path



Soft State State Storage Mechanism(State Containers) SENCOMM :

• Soft State Mechanism

• Extends the mechanism to allow probes the option of sharing state with other probes.

• Provides an ASP state container that can be accessed by all probes and libraries.

ASP state containers :• Support soft state within a single smart probe

• Ensures that the state is kept isolated from other probes.



User API Required to launch smart probes into the network

• ASP : - uses a user API to build AAspecs, - forward AAspecs to an ASP EE• SENCOMM smart probes : - contain active code, - do not need a reference path as ASP packets do

SENCOMM requires a user API that includes the ability to specify the smart probe• Initialization data • The identity of the user• A method to send SENCOMM packet to the SMEE• Monitor the channel for message from this smart probe

CLI(command line interface) or GUI



MIB Access SENCOMM

• Access to MIB data on managed active node. The core of SENCOMM :

• Will not include a general SNMP interface usable for managing other nodes via native SNMP queries.

Access provided by loadable library• Loaded at SMEE startup by default

• Possibly based on the AdventNet SNMPv3 API for Java


SMEE Implementation SMEE Implementation (6/8)(6/8)Loadable Library : ASP BasedLoadable Library : ASP Based

SMEE loadable code: Library /ASP loadable code: AA Dynamic Library Loading

Java's class loader Class loader per smart probe / unlike ASP with one class loader

• Different probes can use different versions of same library• Not have ASP AA search path problems

Naming LLs use a URN to form a unique names. LL names provide more information about libraries than AAnames in ASP Dynamic name binding(ASP) does not provide any benefit for naming libr

aries(SENCOMM). SENCOMM URLs : to locate libraries / ASP AAspec: search path


SMEE Implementation SMEE Implementation (7/8)(7/8)Loadable Library : Beyond ASPLoadable Library : Beyond ASP

Library Naming SENCOMM LLs : new scheme id, naming syntax

• Compatible with the URN syntax described in RFC2141, RFC2396

Loadable Libraries named using URN(Uniform Resource Name) which indicates:• Naming Authority

• Library Name

• Version Number


SMEE Implementation SMEE Implementation (8/8)(8/8)SMEE and AnetdSMEE and Anetd

SMEE : Will be compatible with anetd( and netiod) on the ABone Will Interface with anetd to provide software management service

s to smart probes Will be a client of anetd for these services

Anetd : Deployment and control of EE in the active node Demultiplex active packets to the EEs running on the active node. Download the SMEE to a node to be managed Start the EE


Writing a Probe in the SENCOMM Env.Writing a Probe in the SENCOMM Env.

To successfully run a probe Launching Application(launcher)

• prepares the probe so that it can be sent around the network

• SendProbe : smaas/SendProbe.java• SendSnmpNetstat : smaas/snmp/SendSnmpNetstat.java

Probe : actually executed code in a SENCOMM environment.

environment and probes : using JAVA JDK 1.2.2 environment on FreeBSD and Linux


Writing a Probe in the SENCOMM Env.Writing a Probe in the SENCOMM Env.

BroascastPing WalkingPing RemoteLiveTest SnmpGet SnmpSet SnmpGetTable

SnmpGetProtoStats SnmpGetNext SendSnmpApp GetRunningProbes ResidentPing SendKillPing


BroadcastBroadcast

core-abone-bos1

son.isi.edu

d03.csl.sri.com

dart.bbn.com

www.ir.bbn.com

multinode parallel remote liveness test (formerly known as ping)


Walking a Circuit and Walking a Circuit and ProcessingProcessing

core-abone-bos1

son.isi.edu

d03.csl.sri.com

dart.bbn.com

www.ir.bbn.com

follow source route and reply on success template for deployment of updates, or new functionality


Remote Node State via SNMPRemote Node State via SNMP

core-abone-bos1

son.isi.edudart.bbn.com

www.ir.bbn.com

d03.csl.sri.com

illustrates use of loadable libraries communicates to both standard and Livio’s snmpd


Management Interfaces and Management Interfaces and APIs APIs (1/2)(1/2)

Inter-EE ProtocolInter-EE Protocol SENCOMM is not a defined API between the SMEE and th

e managed EEs. ASP provides an interface for AAs to communicate.

SENCOMM defines protocol that EEs may opt to use protocol messages sent using NodeOS channels managed EEs provide LL with management functions functions translate calls to/from protocol packets and return any

reply data May identify functions for managed EEs to implement


Management Interfaces and Management Interfaces and APIs APIs (2/2)(2/2) Inter-EE Protocol Packet Inter-EE Protocol Packet

FormatFormat Packet Format

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Version |R|E| Flags | Serial Number |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| ID of function | Number of Arguments |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Argument Length | Argument Value ~+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+~ Argument Value (continued) ~+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+~ Additional argument length and values ~~ : ~+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Argument Length | Argument Value ~+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+~ Argument Value (continued) ~+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+R=0 : call, R=1 : return


SENCOMM Packet Formats SENCOMM Packet Formats (1/8)(1/8)

SENCOMM Message EncapsulationSENCOMM Message Encapsulation +------+-------------+-------+-----------+ | IP | UDP / TCP | ANEP | SENCOMM | +------+-------------+-------+-----------+

ANEP header format 0 16 31 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Version =1 | Flags = 0 | Type ID = 25 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ANEP Header Length | ANEP Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . | ~ Options ~ | . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . | ~ Payload ~ | . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



SENCOMM message is encapsulated in ANEP packet (TID=25)

Common SENCOMM Header : packet types, reliable transport fields +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Version | Type ID | Context ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A|B|E| segment Sequence Number | Stream ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Sequence Number ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Origin Address ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Sub-Header ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type ID = 1:Probe 2:Library 3:Message 4:Certificate Query 5:Library Query



Probe Sub-header (Type ID = 1) contains executable code (single datagram)

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Language Type |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

~ Payload ~

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Language Type : 1 → Java 2 → Spanner 3 → Sprocket



Library Sub-header (Type ID = 2) contains name and code for a Loadable Library

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Language Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Name Length | Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Name ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Library ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Language Type : 1 → Java 2 → Spanner 3 → Sprocket



Message Sub-header (Type ID = 3)

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Msg-Type | Reserved | Length | ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Value ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Msg-Type 1 → Ack : sequence number 2 → Certificate Reply : a requested certificate 3 → Data : data from the execution of a smart probe 4 → Status : status of an executing smart probe



Certificate Query Sub-header (Type ID = 4) requests certificate for principal signed by CA

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Cert_type | Identity_type | Authority_type| RESERVED |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

~ Identity ~

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

~ Certificate Authority ~

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Cert_type1 → PKCS7 √ 6 → Kerberos Tokens2 → PGP Certificate √ 7 → SPKI Certificate3 → DNS Signed Key4 → X.509 Certificate - Signature 5 → X.509 Certificate – Key Exchange

Identity_type1 → IPV4_ADDR2 → IPV6_ADDR3 → DNS Name 4 → X.500 Distinguished Name



SENCOMM Packet Processing SENCOMM Packet Processing (1/2)(1/2)

Reliable Protocol Processing Sender : B bit/E bit, using Segment Sequence Number Receiver : Ack/Sequence Number plus 1 Packet received Modification to the Receiver Ack Generation Fragment SENCOMM Packets Reliable Delivery Mechanism : ASP→RDP/VNET

Probe Processing (v=1, tid=1) Probe Packets carry executable code. Sending/Receiving : ContextID/Serial Number/Origin Address

Library Processing (v=1, tid=2) Library Packets carry Loadable Libraries. Sending : ContextID/Serial Number/Origin Address Receiving : Name/Version



SENCOMM Packet Processing SENCOMM Packet Processing (2/2)(2/2)

Certificate Query Processing (v=1, tid=4) Certificate query messages carry requests for security certificates. Sending : ContextID/Serial Number/Origin Address Identity/Certificate Authority/CertType Receiving : Identity/Certificate Authority/CertType

Message Processing (v=1, tid=3) Message Packets carry data, status, and error messages from a smart pr

obe to a specified network management device. Message also return certificates in response to a certificate query messag

es. Sending : ContextID/Serial Number/Origin Address Certificate reply message/Data message/status message Receiving :Certificate reply message/Data message/status message


ConclusionsConclusions

SENCOMM-based Management Tools available to any team performing a demonstration ASP use and modification for SENCOMM ABone management and demonstrations

Future works Inter-EE Communication Communication Security Services Potential Monitoring and Management Applications

• ABone Management, RMON+, SNMP-based Control, Multicast/Concast of Probes ……


References Alden W. Jackson, James P.G. Sterbenz, Matthew N. Condell, David J. Waitzma

n, “SENCOMM Architecture”, Technology Document of BBN Tech., April 2000. Matthew N. Condell and Regina Rosales Hain, “SENCOMM Programmer’s API”,

Technology Document of BBN Tech., April 2001. Matthew N. Condell and Regina Rosales Hain, “Writing a Probe in the SENCOM

M Environment”, Technology Document of BBN Tech., April 2001. Matthew N. Condell and Regina Rosales Hain, “User’s Guide to the SENCOMM

Environment in the ABONE”, Technology Document of BBN Tech., April 2001. Bob Braden, Alberto Cerpa, Ted Faber, Bob Lindell, Graham Phillips, Jeff Kann,

Vivek Shenoy, “Introduction to the ASP Execution Environment”, Technology document of USC/ISI, November 2001.

Relevant technical documentations and slides …… http://www.ir.bbn.com/projects/sencomm/

an 의 관리적인 접근동향 및 전망 : sencomm case study smart environment for network...

Documents