Growing of Internet: a permanent challenge for designers and network engineering
Jiří Navrátil [email protected]
European Future Networking Initiatives Workshop, 22.2.2007, Amsterdam


Introduction to EFNI workshop

• Internet expansion and consequences
• Next generation of Internet (directions and supporting projects, FIND, GENI)
• New terminology: Slicing, Virtualization, PlanetLab, VINI, etc.
• New networking phenomena, concepts, approaches (DHT, P2P, CAN, ROS)

BGP table analysis

Partial visibility of the Internet from one router (from the routing tables)

Source: http://www.caida.org/tools/measurement/skitter/

What are the problems of the Internet?

Speed and capacity?
In network backbones? In aggregation networks? Last mile? Wireless (ad hoc networks, WiMAX)?

Access to the network?
From individual machines (PC, Mac, Linux), supercomputers, PDAs, phones, edge points

Distribution of services in requested quality to end users
To universities, offices (thousands of sites in each country), to homes (millions of access points), mobile users

Utilization of existing networks (measurement and monitoring)
How do we know what users are doing and what they want, and what the loads of individual segments of the Internet are?

Security aspects?

Yes, definitely, all of these areas have their own difficulties and a clear road map for future developments.

However, they don’t threaten the system as a whole.

The real problems of the IP world are in the principles

• IP addresses? Yes, nearly collapsed before 1994. The problem was postponed by reusable private IP addresses and NAT. This is the reason why IPv6 is not so hot.

• Naming? Yes, DNS still dominates and it has more and more problems; other systems are starting to use their own naming strategies based on GUIDs.

• Routing? Yes, since 1989 BGP (a protocol based purely on agreement among ISPs: routing policy). All other known protocols are unacceptable or technically problematic and are used only locally; many existing routes are not used, and the quality of routes is not under control.

BGP4? Yes, introducing ASes was a step toward aggregation for routing purposes; it helps to postpone the problem with the effectiveness of routing.

AND the number of ISPs and the number of ASes grow exponentially!

How Internet Grows

[Figure: The growth of Internet routing tables. Y axis: #routes, 0 to 80000; X axis: years 1988 to 2000. Annotations: "CIDR, PRIVATE IP, NAT bring slowdown of growing RT"; "Expectations 70000 routes"; "350"; "(in 2000 - 980 millions of users ???)"; "In history".]

How AS growth brings problems to BGP

Growth in 94–06. Source: http://www.routeviews.org/dynamics

Remark: individual lines are prefixes (paths) from different peers.

Flapping = routes on-off-on-off …

http://sahara.cs.berkeley.edu/jan2004-retreat/slides/mcc_rootcause_sahara.ppt

This is the reason why your engineers need more and more powerful systems

More about the weaknesses of the Internet

– Performance bottlenecks at peering points
– Ignores many existing alternate paths
– Prevents sophisticated algorithms
– Route selection uses fixed, simple metrics
– Routing isn’t sensitive to path quality (see next examples)

The Internet is ill suited to mission-critical applications

Paxson (95-97): 3.3% of all routes have serious problems

Labovitz (97-00): 10% of routes available <95% of time; 65% of routes available <99.9%; 3 minutes minimum detection time for failure; average recovery ~ 15 minutes

Chandra (01): 5% of faults last more than 2 hours 45 minutes

Wang (06): 80% of problems on the path are caused by routing

RON - Resilient overlay networks

• Measure all links between nodes
• Compute path properties
• Determine best route
• Forward traffic over that path

David Andersen, Hari Balakrishnan, Frans Kaashoek, and Robert Morris
MIT Laboratory for Computer Science

http://nms.lcs.mit.edu/ron/

Experimental testbed running for users. Main problems:

- not suitable for disruptive operation
- low statistics of problematic cases (waiting for errors)
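The four RON steps above as a small added example (not from the slides and not the RON project's code): it scores the direct path and every one-intermediate-hop detour from a constructed table of measured latency and loss, then picks the route and the next overlay hop. The node names, the measurements, the 5% loss threshold and the restriction to one intermediate hop are assumptions of this sketch.

```python
# Added illustration: RON-style overlay path selection over constructed data.

# Step 1 (measure): constructed probe results, (latency_ms, loss_rate) per
# directed overlay link. A missing entry means the probes got no answer.
LINKS = {
    ("A", "B"): (40.0, 0.30),   # the direct Internet path is lossy
    ("A", "C"): (25.0, 0.01),
    ("C", "B"): (30.0, 0.01),
    ("A", "D"): (20.0, 0.00),
    ("D", "B"): (90.0, 0.00),
    ("C", "D"): (10.0, 0.00),
}
NODES = {"A", "B", "C", "D"}
MAX_LOSS = 0.05  # assumed policy: reject paths losing more than 5% of packets


def path_properties(path, links=LINKS):
    """Step 2 (compute): total latency and end-to-end loss, or None if broken."""
    latency, delivered = 0.0, 1.0
    for hop in zip(path, path[1:]):
        if hop not in links:
            return None
        hop_latency, hop_loss = links[hop]
        latency += hop_latency
        delivered *= 1.0 - hop_loss
    return latency, 1.0 - delivered


def best_route(src, dst, links=LINKS, nodes=NODES):
    """Step 3 (determine): lowest-latency path among the direct path and
    one-hop detours with acceptable loss; else the lowest-loss path."""
    candidates = [(src, dst)] + [(src, via, dst) for via in sorted(nodes - {src, dst})]
    scored = [(p, path_properties(p, links)) for p in candidates]
    scored = [(p, props) for p, props in scored if props is not None]
    if not scored:
        return None
    usable = [(p, props) for p, props in scored if props[1] <= MAX_LOSS]
    if usable:
        return min(usable, key=lambda item: item[1][0])[0]
    return min(scored, key=lambda item: item[1][1])[0]


def next_hop(src, dst, **kw):
    """Step 4 (forward): the overlay node to hand the packet to."""
    route = best_route(src, dst, **kw)
    return route[1] if route else None
```
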

[Figure: Example of routing changes (path SLAC – CALTECH), traceroute analysis from ABwE. Labels: Via Abilene; Via CALREN/CENIC.]

PROBLEM IS NOT ONLY TO HAVE A NAME (registration) but how TO HANDLE resolution (conversion from/to IP) and UPDATE databases which are bigger and bigger

[Figure: DNS hierarchy. Labels: TLD (.cz, .de, .nl, com), many name servers (ns), domains .cvut., .fel., .fjfi., .fs.cvut.cz, .hp., .ibm., browsers, recursing requests.]

Most requests are resolved at the lowest level, but not all data are available => recursing requests

Remember: each nice Web page can contain several resolutions!! (references to an icon/picture/doc located somewhere in the Internet), and to be seen they must be resolved!!

What is the rate of DNS updates and how big a volume of data does it represent?

1-2 M updates/hour on root DNS
20 top ASes make 50% of updates (China, US, Spain)
97% of updates are from Windows machines

Wrong coordination between DHCP and DNS for private IP can create unwanted traffic and requests to global DNS. This leakage is inappropriate from the traffic and also from the security aspects.

REFERENCE CAIDA papers:
A. Broido, E. Nemeth, kc claffy, Spectroscopy of Private DNS Update Sources
A. Broido, H. Shang, M. Fomenkov, Y. Hyun, kc claffy, The Windows of Private DNS Updates

How will DNS react to machine-to-machine applications (crawlers, traffic reviewers, ...)?

How robust, scalable, and sensitive to attacks and misconfigurations is it?

All these systems were designed for traffic loads that reflect the rate and complexity of human activities
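A check for the leakage described on this slide, as an added example (not from the slides or the cited CAIDA papers): it scans DNS log records for dynamic updates and reverse lookups that name RFC 1918 private address space and were sent to a server outside the site. The log format, the sample lines and the list of internal resolvers are constructed for illustration.

```python
# Added illustration: flag private-address DNS traffic that leaves the site.
import ipaddress
from collections import Counter

INTERNAL_RESOLVERS = {"10.0.0.53", "192.168.1.1"}   # assumed site resolvers
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, one record per line: <client> <server> <opcode> <qname>
SAMPLE_LOG = """\
10.1.2.3 10.0.0.53 QUERY www.example.org
10.1.2.3 198.51.100.7 UPDATE 3.2.1.10.in-addr.arpa
192.168.1.20 198.51.100.7 UPDATE 20.1.168.192.in-addr.arpa
192.168.1.20 192.168.1.1 UPDATE 20.1.168.192.in-addr.arpa
172.20.5.9 203.0.113.9 QUERY 9.5.20.172.in-addr.arpa
172.20.5.9 203.0.113.9 QUERY 4.3.2.172.in-addr.arpa
"""

def reverse_name_to_ip(qname):
    """Return the IPv4 address a full in-addr.arpa name refers to, else None."""
    name = qname.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[: -len(".in-addr.arpa")].split(".")
    if len(labels) != 4:
        return None          # partial zones and malformed names are skipped
    try:
        return ipaddress.ip_address(".".join(reversed(labels)))
    except ValueError:
        return None

def find_leaks(log_text, internal=INTERNAL_RESOLVERS):
    """List (client, server, opcode, qname) records that expose private space."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        client, server, opcode, qname = fields
        addr = reverse_name_to_ip(qname)
        if addr is None or server in internal:
            continue         # not a reverse name, or it stayed inside the site
        if any(addr in net for net in PRIVATE_NETS):
            leaks.append((client, server, opcode, qname))
    return leaks

def leaks_by_client(log_text):
    """Count leaking requests per client, to find misconfigured DHCP/DNS hosts."""
    return Counter(rec[0] for rec in find_leaks(log_text))
```
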

NSF FIND “Future Internet Design”
in 2005 as reaction to existing problems

• Creating the Internet you want in 10, 15 years
• The Internet which society TRUSTS
• Support pervasive computing (from PDA to supercomputing)
• Connecting devices and users with all types of communication channels, from wireless to optical light paths
• Enable acceptance of further developments and innovations

from Darleen Fisher and Guru Parulkar, NSF-CISE presentation

From: David Alderson, CALTECH, NSF FIND meeting, Dec. 2005

Situation is getting worse

Larry Peterson, Princeton University: A Strategy for Continually Reinventing Internet (May 2005)

Why now?
- many architectural proposals (look at the statistics: RFCs, papers, etc.)
- research community is ready to make it real
- enabling technology
- infrastructure exists (NLR, PlanetLab, ... GN2, ...)

HOW?
Two paths for changes:
- Incremental
- Clean-slate (replace Internet with new architecture)

Many problems on the first path (many limits, hard to manage, vulnerability, hostile)

There are barriers to the second path:
- Internet ossified, cannot be replaced
- Inadequate validation of potential solutions

Testbed dilemma:
production testbed = incremental change
experimental testbed = no real users!


Focus of FIND

On Reinvented Internet Architecture and not on individual network technologies

Internet evolution influenced by clean-slate approach

Alternate architecture(s) coexist with the current Internet

Virtualization becomes the norm with plurality of architectures

New services and applications enabled

Defined Stages of Research for 2007 and Later

Architectures as they emerge will be made operational and tested

• Simulation

• Emulation

• Run on a large-scale GENI facility

Experiments with new architectures at global scale


http://nile.wpi.edu/NS/

Peter A. Freeman NSFVICE Jan 2006

2007

Filling the GAP (validate new architectures under realistic conditions; keep potential deployment in sight)
Work on existing experimental infrastructure:

- Emulab front-end to PlanetLab
- Experiments spanning some combination of … Emulab + ORBIT + WAIL + PlanetLab
- VINI: Virtualized Network Infrastructure
- PlanetLab slices on layer 2 networks (NLR + Abilene)
- Internet-in-a-Slice (Click + XORP)

2009: ?

PlanetLab node as INGRESS

NLR as high-speed backbone

Each architecture (service) runs in own slice

Larry Peterson, Princeton University: A Strategy for Continually Reinventing Internet (May 2005)

In “A Strategy for Continually Reinventing Internet” (May 2005, Larry Peterson)


Source: From GENI backbone working group

Distribution of load and functionality in Hardware

Why virtual architectures?

You can separate the tasks onto independent HW (computers), each responsible for part of the whole system.

Programs that must control many different entities in real time, with complex timing that is often multiplied identically across different segments of a huge system, are rather complex.

Computers are more and more powerful, so they are ready to work in “pseudo-parallel mode” and to accept some overhead. Application software is much simpler.

The reason is not only the distribution of the load but also the distribution of complexity.

The next step is to create more independent systems (virtual machines, VMs) on one physical computer. Each VM can run one or more programs. The complexity of writing and running an application is much lower than in the original design.

Generalized Packet Filters

• GPFs are the key to flexibility in this approach
– Extends concept of “filters” normally found on routers
– A relatively small number of GPFs can be used as building blocks for a large number of applications
• Ideally, the database of GPFs precludes the writing of new code!
– Supports flexible classification, computation, and actions
– GPFs are executed in numeric order:

[Figure: packet filter 1, packet filter 2, …, packet filter n and a default filter, between two L2 switching engines w/ARP]

Source: http://sahara.cs.berkeley.edu/jan2004-retreat/index.html
http://sahara.cs.berkeley.edu/jan2004-retreat/slides/tsai_routervm_1-9-04.ppt


Classify-Infer-Act

• A server and router in “one”
– Tight integration between packet processing and routing
– High bandwidth (routers) and computation (servers)

[Figure: three columns labelled Classify, Infer, Act. Entries as extracted: IP, TCP, HTTP, iSCSI, FCIP, MPLS, Ethernet, ATM, …? / Intrusion Detect, NAT, Store/Ret. State, TCP/IP lookup, Checksum, Count/Tag, …? / Error Detect, Drop, Route, Load Balance, Replace Fields, Resize Pkt, Encrypt, Forward, Compress, …?]
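The numbered GPF chain from the previous slide and the classify-infer-act split from this one, as an added example (not the RouterVM code from the cited talk): filters live in a table keyed by number, each with a classify predicate, an optional infer step over shared state, and an action, and a packet that matches nothing reaches the default filter. The packet fields, filter numbers, the SYN threshold and the action names are assumptions of this sketch.

```python
# Added illustration: a numbered packet-filter chain with a default filter.
from collections import defaultdict

SYN_LIMIT = 3  # assumed threshold: SYNs allowed per source before dropping


def infer_count_syn(pkt, state):
    """Infer step: count SYNs per source and report whether the limit is hit."""
    state["syn"][pkt["src"]] += 1
    return state["syn"][pkt["src"]] > SYN_LIMIT


# number -> (name, classify(pkt), infer(pkt, state) or None, action)
# When infer is present, the action applies only if infer returns True;
# otherwise evaluation continues with the next filter in numeric order.
# The table is written out of order on purpose: execution order is by number.
FILTERS = {
    30: ("web-balance", lambda p: p["proto"] == "tcp" and p["dport"] == 80,
         None, "load_balance"),
    10: ("block-telnet", lambda p: p["proto"] == "tcp" and p["dport"] == 23,
         None, "drop"),
    20: ("syn-flood", lambda p: p["proto"] == "tcp" and p.get("flags") == "S",
         infer_count_syn, "drop"),
}
DEFAULT_FILTER = ("default", "forward")


def new_state():
    """Fresh shared state for the infer steps."""
    return {"syn": defaultdict(int)}


def process(pkt, state, filters=FILTERS):
    """Run pkt through the filters in numeric order; return (filter, action)."""
    for number in sorted(filters):
        name, classify, infer, action = filters[number]
        if not classify(pkt):
            continue
        if infer is None or infer(pkt, state):
            return name, action
    return DEFAULT_FILTER
```
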

“Slicing” SHARED IP layer in horizontal level

[Figure: edge nodes (based on PNE?) in Domain X and Domain Z exchange different application packets across a core network of router nodes (RN = router node, RN1 to RN5). Labels: sublayer 1 to sublayer 4; group/class of applications “Y”, “P”, “G”, “B”; (voice), (video), (interactive gaming), (data); λ, λ1 to λ4; different L2 allocation between RNs, different routing for each L3 sub-layer.]

Questions: Who can create application layer? *jn*

JVM, ISOLATES etc.
http://java.sun.com/developer/technicalArticles/Programming/mvm/

Sun's Multi-tasking Virtual Machine runs several Java applications, called isolates.

The overlay is the single application that runs in the JVM, but it allows several pseudo-applications to run concurrently on top of it.

A standard Java Virtual Machine is a multi-thread-enabled but mono-application environment.

Multi-user Java Environment.

Open Service Gateway: MULTISERVICE, MULTIUSER

[Figure: Open Service Gateway diagram. Labels: INTERNET, last mile, gateway operator, service providers, VOD, HDTV, IPTV, Open Service Gateway.]

The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway). The core gateway runs services accessible to all users. However, contrary to Unix root users, the core gateway does not have access to service gateways' data, files, etc., since these would belong to different, potentially competing companies. Source: MUSE -NRIA

More details: http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf

Xen 3.0 Architecture

[Figure: Xen Virtual Machine Monitor on hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE), with Control IF, Safe HW IF, Event Channel, Virtual CPU and Virtual MMU. VM0: Device Manager & Control s/w, guest OS (XenLinux), native device driver, back-end. VM1: unmodified user software, guest OS (XenLinux), native device driver, back-end. VM2: unmodified user software, guest OS (XenLinux), front-end device drivers. VM3: unmodified user software, unmodified guest OS (WinXP), front-end device drivers. Side labels: VT-x, x86_32, x86_64, IA64, AGP, ACPI, PCI, SMP.]


http://www.planet-lab.org

VS (virtual server): an independent OS, Linux (BSD), running on a VM, with its own administration including root, its own file system and computation capability

Slice: a set of VSs on different VMs

[Figure labels: VMM (four instances)]

Node/Slice in PlanetLab

[Figure: nodes N1 to N10. Labels: Node, SLICE, App1, App2, App3.]

On each node more users (slices) can run.
Each of them runs in its own virtual system.
One user can run more applications.

SLICE A1 (N3,N1,N2,N3,N4,N5,N6,N7,N8,N9)
SLICE A2 (N1,N5,N6,N4,N8)
SLICE A3 (N1,N2,N7,N10)
SLICE A4 (N3,N6,N5,N4)

What is emulation?

The ability to mimic another machine on your computer. You can run the same programs that you would on whatever the other machine is.

http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf

[Figure labels: switch, wired]


Thank You for your attention