![Page 1: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/1.jpg)
ECE697J, UMASS Amherst 1
Smart Packets: Applying Active Networks to Network Management
Beverly Schwartz et. al. BBN Technologies
Presented by Jinghua Hu09/17/2002
![Page 2: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/2.jpg)
ECE697J, UMASS Amherst 2
OutlineIntroductionSmart Packets System ArchitectureDescriptions of Major Components
Smart Packets Formats/EncapsulationProgramming LanguagesVirtual MachineSecurity Considerations
Discussions
![Page 3: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/3.jpg)
ECE697J, UMASS Amherst 3
IntroductionConcept of Active Networks
capsules carrying user injected programsactive nodes performing computations
Goals of this paperApply active networks to network managementArchitecture descriptions, design and implementation
![Page 4: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/4.jpg)
ECE697J, UMASS Amherst 4
Network Management ReviewComponents
Management stations Managed objects/devicesNetwork Management ProtocolManagement Information Base (MIB)
![Page 5: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/5.jpg)
ECE697J, UMASS Amherst 5
SNMP ReviewSNMP
Management station exchanges data/control with managed devices by polling/trappingSNMP PDU type
GetRequestSetRequestResponseInformRequest
![Page 6: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/6.jpg)
ECE697J, UMASS Amherst 6
MotivationMore per-device processing power available for network managementPolling from management stations is not efficient in large scale networks
Thinking about applying Active NetworksProgrammable managed nodes
![Page 7: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/7.jpg)
ECE697J, UMASS Amherst 7
System Architecture
![Page 8: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/8.jpg)
ECE697J, UMASS Amherst 8
ANEP DaemonANEP: Active Network Encapsulation ProtocolANEP Daemon
Injection point for smart packetsReception point for smart packetsPerforming execution of the received programs on virtual machine
![Page 9: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/9.jpg)
ECE697J, UMASS Amherst 9
Smart Packets ProjectFour Major Components
a specification for smart packet formatsa specification for programming languagesa virtual machinea security architecture
Design PrinciplesNo persistent stateProgram contained in a single packet
![Page 10: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/10.jpg)
ECE697J, UMASS Amherst 10
Part 1: Smart Packets
![Page 11: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/11.jpg)
ECE697J, UMASS Amherst 11
Smart Packet FormatsHeader
VersionType
program packet ( needs IP Router Alert Option)data packeterror packetmessage packet
Context: identifier for clientsSequence number
![Page 12: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/12.jpg)
ECE697J, UMASS Amherst 12
Smart Packet FormatsPayload
Carrying program/data/error/messageBaggage area
Allowing loading/unloading of dataNOT protected
![Page 13: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/13.jpg)
ECE697J, UMASS Amherst 13
ANEP encapsulationANEP headerANEP authentication option
![Page 14: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/14.jpg)
ECE697J, UMASS Amherst 14
Summary of part 1A Smart Packet ( header+payload ) is encapsulated within an ANEP packet and then carried within IPNeed to set “Router Alert” option in IP header
![Page 15: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/15.jpg)
ECE697J, UMASS Amherst 15
Part 2: Programming LanguagesLanguage Design Issues
Compact code sizeSafetyMobilitySupport of special data types and operations for network management
![Page 16: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/16.jpg)
ECE697J, UMASS Amherst 16
SprocketC++ style language
removal of unnecessary constructsnew features such as built-in types for packet, address, identifier and MIB addedsupport operations such as getting address, sending packet, retrieving header, querying MIB information, etc
![Page 17: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/17.jpg)
ECE697J, UMASS Amherst 17
SpannerStack-based CISC Assembly Language
multi-clock complex instructions compact code sizevariable declarationsno access to memorydata stored either in variables or stackbranch and flow controlsubroutines
![Page 18: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/18.jpg)
ECE697J, UMASS Amherst 18
Summary of part 2Statelessness favors compact code size
High-level Language: SprocketAssembly Language: Spanner
Sprocket and Spanner are equivalent, while Spanner allows hand-optimization for a more compact size
![Page 19: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/19.jpg)
ECE697J, UMASS Amherst 19
Part 3: Virtual MachineDesign Issues
feature setsecurity
When a Program packet arrives, Daemon willauthenticate the sender identityverify the data origin and data integritycheck if sender is authorized to run the programfork a child process to run the virtual machine
![Page 20: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/20.jpg)
ECE697J, UMASS Amherst 20
Virtual Machine ImplementationSpanner Virtual Machine
stack-based CISC architectureconservatively handling of errorsaware of resource limitsresides on router’s control processorlimited impact on router performance
![Page 21: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/21.jpg)
ECE697J, UMASS Amherst 21
Summary of part 3Virtual Machine is designed based on considerations of feature set, security and performance impact.
![Page 22: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/22.jpg)
ECE697J, UMASS Amherst 22
Part 4: Security ConsiderationsSmart Packets: a security threat?Mechanisms to limit the threats:
limit on the creator of smart packetauthentication/authorization on data origindata integrity checkrestrict risky operations only to programs sent by authorized senders
![Page 23: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/23.jpg)
ECE697J, UMASS Amherst 23
Authentication/AuthorizationPublic-key certificate for sender identificationDigital signature for data integrity protection
protect ANEP header and entire smart packet, except ANEP packet length field and baggage of smart packet
SNMPv3 Access Control database for authorization check
![Page 24: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/24.jpg)
ECE697J, UMASS Amherst 24
Summary of part 4Security issues addressed in the design
authentication/authorization
Security challenges remainpart of the original packets is not protectedlarge certificates size vs. limited packet sizecomputation costs of verifying certificates
![Page 25: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/25.jpg)
ECE697J, UMASS Amherst 25
ExperiencesExamples
Retrieval of interface address and MTUSNMP: two GET messages and two ResponseSmart Packets: one Program packet and one Data packet
Traceroute
Testbed experiments show that Smart packets network enables more efficient communications
![Page 26: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/26.jpg)
ECE697J, UMASS Amherst 26
SummaryContributions
Design and development of Smart Packets projectProgrammable nodes provide more efficient communications and faster delivery of targeted network events
Lessons LearnedStatelessness is a double-edged swordCompact codes are valuableIP is less extensible than believedSecurity is challenging
![Page 27: Smart Packets: Applying Active Networks to Network …...ECE697J, UMASS Amherst 4 Network Management Review Components Management stations Managed objects/devices ... limited impact](https://reader034.vdocuments.mx/reader034/viewer/2022050110/5f482895f01d3727f7125bde/html5/thumbnails/27.jpg)
ECE697J, UMASS Amherst 27
ReferencesKurose and Ross, Network Management. Computer Networks, Chap 8.RISC Architecture, http://cse.stanford.edu/class/sophomore-college/projects-00/risc/risccisc/
Beverly Schwartz, Technical Memos, http://www.ir.bbn.com/~bschwart/