Walt Burkhart Andrew Chien (adjunct) kc claffy (adjunct) Keith Marzullo (chair) Joe Pasquale Stefan Savage Alex C. Snoeren Amin Vahdat George Varghese Geoff Voelker


Page 1

Walt Burkhart

Andrew Chien (adjunct)

kc claffy (adjunct)

Keith Marzullo (chair)

Joe Pasquale

Stefan Savage

Alex C. Snoeren

Amin Vahdat

George Varghese

Geoff Voelker

Page 2

What do you mean by Systems? Networking?

Systems. Noun. From Greek systēmat-: “to combine”. Degenerate branch of computer science, combining bits of Theory, AI, Architecture, PL/Compilers, Crypto, Databases, etc. for crass utilitarian purposes.

Networking. Noun. (1560) 1. The study of systems that communicate. 2. The study of relevant systems.

Here, systems, networking (and security) all blur together.

We’re interested in solving real or emerging problems by designing, building and measuring real hardware and software artifacts.

Page 3

UCSD Systems & Networking

Large group: 10 faculty, ~40 students, 4 full-time staff

Broad interests: high-speed storage, fault-tolerance, network & system security, routing protocols, overlay networks, virtual machines, distributed programming, wireless networks, distributed debugging, content caching, router design, network measurement, distributed authentication, self-managing/adaptive systems, peer-to-peer systems, applications of economics/game-theory, mobile code, multimedia, grids, scheduling, etc.

Resource rich: $10M+ in committed $$$, ~80 workstations, 400+ servers, 10’s of TB of storage, 10 Gbps uplink, unmatched network monitoring, programmable wireless infrastructure

Good surf + high-quality espresso machine + biometric soda machine

Page 4

Quick Horn Tooting

• Faculty (great)

– 7 Sysnet faculty hired in last decade have all turned down tenure-track offers at “top 5” schools to be here

– 2 Sloan Fellows, 2 ACM Fellows, 1 IEEE Fellow, 5 NSF Career/PYI winners, and 1 ONR PYI winner

• Research record (great)

– In last nine: 13 SOSP/OSDI, 19 NSDI/USITS, 23 SIGCOMM, 16 INFOCOM, 6 SIGMETRICS

– 12 award papers, >20 “most cited” in CiteSeer

• Bottom line: We do okay...

But… who cares?

This is all irrelevant crap!

Pick your Ph.D. program based on where you will do the best work

Page 5

Some Recent Efforts

• Routing – Distributed Rate Limiting

• Wireless – Jigsaw/Shaman

• Measurement & emulation – dK-series

• Security – Tint/Neon/Storm…


Page 6

Internet Routing

• Quality of wide-area routing [SIGCOMM 99]

• Flexible inter-AS routing [SIGCOMM00, JSAC01]

• Exploiting multi-path for reliability [SOSP01, IMC03 (2)]

• Impacts of “HotPotato” routing [SIGCOMM02, SIGMETRICS04, SIGCOMM04, PAM05]

• Debugging routing failures [NSDI05,INFOCOM07]

[Figure: ISP network with San Francisco, Dallas and New York routers forwarding toward a destination dst]

Page 7

Cloud Control

• Resources and clients are across the world

• Services combine these distributed resources

[Figure: globally distributed resources joined by 1 Gbps links]

Page 8

Distributed Rate Limiting

• Make distributed feel centralized

– Packets should experience same limiter behavior

[Figure: sources S and destinations D with limiters in between, link latencies labeled 0 ms]

Page 9

High-speed Network Processing

• Goal: Need to process network traffic in-line at high speeds

– E.g., 40 Gbps using limited (< 4 MByte) SRAM with 1 nsec access time using a few memory references.

• Deficit Round-Robin Scheduling [SIGCOMM95]

• Forwarding Lookups [SIGCOMM98, SIGCOMM00]

• Packet Classification [SIGCOMM98, SIGCOMM99,SIGCOMM01, Infocom 03, SIGCOMM03]

• Interface Statistics [SIGMETRICS03]

• Security processing [Infocom03,IMC04, OSDI04]

• Flow Measurement [SIGCOMM02, IMC03,SIGCOMM04, IMC05,SIGMETRICS05]


Bottom line: Every packet you send on the Internet uses several of these algorithms
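Deficit Round-Robin, the first algorithm in the list above, is the fair-queueing scheduler most line-rate pipelines still use because it costs O(1) work per packet. The following Python is an added illustration, not code from the page or from the SIGCOMM95 paper: each backlogged flow is credited one quantum per round, a packet is sent only when the flow's accumulated deficit covers it, and leftover credit carries into the next round so a flow with large packets is not starved by flows with small ones. The flow names, packet sizes and quantum are constructed.

```python
from collections import deque


def deficit_round_robin(flows, quantum):
    """Schedule packets from per-flow queues with Deficit Round-Robin.

    flows:   dict mapping a flow id to its queued packet sizes (bytes) in
             arrival order (constructed input; no real packets involved).
    quantum: bytes credited to each backlogged flow on every round.
    Returns the transmission order as a list of (flow_id, size) pairs.
    """
    queues = {f: deque(sizes) for f, sizes in flows.items()}
    deficit = {f: 0 for f in flows}
    # The active list holds only backlogged flows, so idle flows cost nothing.
    active = deque(f for f, q in queues.items() if q)
    order = []
    while active:
        f = active.popleft()
        deficit[f] += quantum  # one quantum of credit per round
        q = queues[f]
        # Send head-of-line packets while the credit covers them.
        while q and q[0] <= deficit[f]:
            size = q.popleft()
            deficit[f] -= size
            order.append((f, size))
        if q:
            active.append(f)  # still backlogged: leftover credit carries over
        else:
            deficit[f] = 0  # an idle flow may not bank credit for a later burst
    return order


def bytes_per_flow(order):
    """Total bytes each flow transmitted, to check the fairness outcome."""
    totals = {}
    for f, size in order:
        totals[f] = totals.get(f, 0) + size
    return totals


if __name__ == "__main__":
    # Constructed example: flow A queues three 500-byte packets, flow B one
    # 1500-byte packet. With a 500-byte quantum B must save credit for three
    # rounds, and both flows end up with 1500 bytes of service.
    sched = deficit_round_robin({"A": [500, 500, 500], "B": [1500]}, quantum=500)
    print(sched)
    print(bytes_per_flow(sched))
```

In the constructed run flow A is served in every round while B waits, yet the byte totals come out equal: the deficit counter is what converts per-round turns into per-byte fairness.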

Page 10

Network Measurement

[Figure: measurement and analysis steps laid out over time]

• Measurement Tools (e.g., loss, BW) [USITS99,IMW02, SIGCOMM03, USENIX04, ToN04, IMC04, PAM05 ]

• Routing [SIGCOMM99, IMC03, SIGCOMM04, SIGMETRICS04, PAM05]

• Web & content distribution [USITS99, SOSP99, USITS01, WWW04, Infocom01, WCW01, WCW02, IPTPS03]

• Security Measurements [USENIX Sec01, IMW02, S&P03, S&P04, TOCS06, IMC06]

Page 11

Graph Rescaling: dK series

[Figure: 1K, 2K and 3K graphs]

Page 12

ModelNet: Scalable Network Emulation [OSDI02, MASCOTS03, MASCOTS04]

• Goal: answer “what if” questions about network & application changes

• Step 1: specify target wide-area topology

– Labeled w/ BW, latency, loss rates, etc.

• Step 2: map topology to router core

• Step 3: run real applications on end systems

[Figure: ModelNet testbed: edge nodes A and B (VNs 10.1.1.1-10.1.1.10 and 10.1.2.1-10.1.2.10) on a 100 Mb switch, router core on a Gb switch. In the ModelNet core an IP packet passes through ipfw route lookup into pipes (pipe 12, pipe 43, pipe 26) that add delay and loss before IP output toward 10.1.1.4 / 10.1.2.3]

Page 13

Virtual Clusters

[Figure: Usher virtual clusters: racks Rack1…RackN of nodes node1…nodeN, each running a VMM (Xen) hosting VM1…VMN and a local node manager (LNM), joined by VLAN switches; Usher controller with Bind, SQL and LDAP services, read-only and read-write NFS]

Page 14

Time Dilation

• Change OS’s perception of time via virtual machine

• Physical resources appear faster

• 1-Gbps, 100 ms link appears as 10-Gbps, 10 ms w/ TDF=10

• Test impact of future network hardware

Page 15

DieCast

[Figure: DieCast testbed: VMM hosts on gigabit switches, ModelNet cores, and a load balancer]

• Goal: test new service at scale

– Similar hardware, software, workload, etc.

• But without the overhead of scale

Page 16

Wireless Networking

• Transport-layer Mobility [Mobicom00, USITS01]

• 802.11 use characterization [SIGMETRICS02]

• 802.11 Hotspot architecture [PCM02, WMCSA02, WMASH03]

• Energy Efficient Protocols [Sensys03]

• 802.11 Denial-of-Service [USENIX Security03]

• Congestion vs Wireless loss differentiation [MMCN02, ToN03]

• 802.11 Fast Handoff (SyncScan) [Infocom05]

• Location services and characterization [Mobisys05, M2CN06]

• Comprehensive monitoring [SIGCOMM06]

[Figure: transport-layer mobility: mobile host foo.bar.edu sends a location update (dynamic DNS update) to the DNS server; the correspondent host issues a location query (DNS lookup), obtains the new address yyy.yyy.yyy.yyy, and the connection migrates]

[Figure: 802.11 denial-of-service experiment: packets vs. time (s) for the attacker, WinXP, Linux Thinkpad, Linux iPaq and MacOS X]

Page 17

Jigsaw: Enterprise-scale 802.11 Monitoring/Analysis

• Goal: understand how production WiFi networks really work, or don’t work, and why.

• >190 software-defined 802.11 radio monitors

• Global view of wireless activity

– All frequencies in all space (>1M ft³)

• Passive broadcast-based time synchronization (order 1 µs)

• Reconstruct traffic view at each layer (physical, datalink, network/transport)

– Can directly see contention, broadband interference, layer interactions, etc.

• Automatic cross-layer diagnosis of problems

Page 18

CCIED

• Collaborative Center for Internet Epidemiology and Defenses (“Seaside”)

– Joint UCSD/ICSI project, 1 of 4 National CyberTrust Centers

– Focused on threats posed by large-scale host compromise

• Worms, viruses, botnets, DDoS, spam, etc.

– Supported by >$7M from NSF, Microsoft, Cisco, Intel, HP, Symantec, Ericsson, VMWare, AT&T, Sun, Qualcomm

• Three key areas of work

– Network Epidemiology

– Automated Defenses

– Forensic, legal, economic drivers

• See: http://www.ccied.org

Page 19

Potemkin Honeyfarm

• Provide the illusion of millions of honeypots

– But use a much smaller set of physical resources

– 1 Million IP addresses on 10s of physical hosts

• Gateway multiplexes traffic onto multiple virtual machines (VMs)

• VMM multiplexes multiple VMs on physical servers

Vrable et al., Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm, SOSP 2005.

Currently, largest high-fidelity honeyfarm on planet

Page 20

Outbreak Defense

• Modern worms can infect >1M hosts/sec [S&P03, WORM04]

• Need to detect and block new outbreaks << 1 sec [Infocom03]

PACKET HEADER

SRC: 11.12.13.14.3920 DST: 132.239.13.24.5000 PROT: TCP

PACKET PAYLOAD (CONTENT)

00F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
0100 90 90 90 90 90 90 90 90 90 90 90 90 4D 3F E3 77 ............M?.w
0110 90 90 90 90 FF 63 64 90 90 90 90 90 90 90 90 90 .....cd.........
0120 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
0130 90 90 90 90 90 90 90 90 EB 10 5A 4A 33 C9 66 B9 ..........ZJ3.f.
0140 66 01 80 34 0A 99 E2 FA EB 05 E8 EB FF FF FF 70 f..4...........p
. . .

Earlybird: Line-rate network inference of worm signatures [OSDI04]
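Earlybird's content sifting rests on two signals taken together: a payload substring that shows up in many packets (content prevalence) and that travels between many distinct sources and many distinct destinations (address dispersion). The Python below is an added example, not Earlybird's implementation: it replaces the paper's Rabin fingerprints and multistage filters with exact substrings in dictionaries, the window size and thresholds are constructed, and so are the addresses and payloads. It shows why both signals are needed: a popular server banner is highly prevalent but comes from one source, so it is never flagged, while the same payload fanning out from several hosts to several others is.

```python
from collections import defaultdict

WINDOW = 8  # payload bytes per fingerprinted substring (constructed; the paper uses a longer window)


def substrings(payload, window=WINDOW):
    """Distinct fixed-width substrings of one payload. Earlybird hashes each
    window with a Rabin fingerprint; here the raw bytes stand in for the hash,
    and a set makes a payload count each substring only once."""
    return {payload[i:i + window] for i in range(len(payload) - window + 1)}


class ContentSifter:
    """Flag a substring only when it is both prevalent (seen in many packets)
    and dispersed (sent by many sources to many destinations)."""

    def __init__(self, prevalence_threshold, dispersion_threshold, window=WINDOW):
        self.prevalence_threshold = prevalence_threshold
        self.dispersion_threshold = dispersion_threshold
        self.window = window
        self.prevalence = defaultdict(int)     # substring -> packets carrying it
        self.sources = defaultdict(set)        # substring -> distinct src addresses
        self.destinations = defaultdict(set)   # substring -> distinct dst addresses

    def observe(self, src, dst, payload):
        """Account one packet; return the substrings that now satisfy both signals."""
        flagged = set()
        for fp in substrings(payload, self.window):
            self.prevalence[fp] += 1
            self.sources[fp].add(src)
            self.destinations[fp].add(dst)
            if (self.prevalence[fp] >= self.prevalence_threshold
                    and len(self.sources[fp]) >= self.dispersion_threshold
                    and len(self.destinations[fp]) >= self.dispersion_threshold):
                flagged.add(fp)
        return flagged


# Constructed payloads: a NOP sled plus a few opaque bytes standing in for a
# worm body, and a server banner that many clients legitimately receive.
WORM_PAYLOAD = b"\x90" * 16 + b"\x4d\x3f\xe3\x77\xeb\x10\x5a\x4a"
SERVER_BANNER = b"HTTP/1.1 200 OK\r\nServer: example\r\n"


def run_demo():
    sifter = ContentSifter(prevalence_threshold=3, dispersion_threshold=3)
    benign_alerts = 0
    # One web server answering ten clients: high prevalence, a single source.
    for i in range(10):
        benign_alerts += len(sifter.observe("10.0.0.1", f"10.0.1.{i}", SERVER_BANNER))
    # The same payload fanning out from four hosts to four different targets.
    first_alert = None
    signatures = set()
    for i in range(4):
        hits = sifter.observe(f"172.16.{i}.5", f"192.168.{i}.9", WORM_PAYLOAD)
        if hits and first_alert is None:
            first_alert = i  # 0-based index of the packet that crossed both thresholds
        signatures |= hits
    return {"benign_alerts": benign_alerts, "first_alert": first_alert, "signatures": signatures}
```

With both thresholds at 3, the third worm packet is the first to be flagged, and the NOP-sled window itself is among the candidate signatures; a deployment has to whitelist such common content, which is one reason the paper pairs sifting with prevalence and dispersion thresholds rather than either alone.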

Page 21

Derived Data Management

• Modern organizations wish to enforce a range of information management policies

– Who may access data?

– How is it accessed?

– What can it be used for?

• Why?

– Regulatory constraints

– Trade secret protection

– ID Theft

– Brand Damage

Page 22

However…

• While most policies are about data…

– “Customer records should be encrypted on disk”

– “GPLed files should not be used to build product binaries”

– “Trade secret data should not leave the corporate network”

• Most enforcement mechanisms are about data containers

– Encrypted files (e.g. EFS), File-based authentication

– VPNs + routing restriction (must route via mothership)

Page 23

Data-oriented policy management

• Tag data with its policy

• Tag any data derived from other sources with the union of their policies

• Policy tags should be preserved on disk and across network (in enterprise)

• Enforce policy during I/O

– Data leakage: no packet with “corp only” policy tag should be allowed to leave access routers

– Forced encryption: buffer with “must encrypt” policy tag must be encrypted before being written to disk

Page 24

Neon: Derived Data Tracking

• Track information flow through host and network

• Data is ‘tinted’ based upon its source

– Tint propagates from inputs to outputs

– Implemented at the VMM level to support any OS

• Enables enforcement of data management policies

– Name/SSN always encrypted on disk, Cisco source code never leaves company, product never/only dependent on GPL, etc.

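The tag-union rule from page 23 and the two enforcement points named there (leakage at the access router, forced encryption before a disk write) can be shown in a few lines. The following Python is an added example, not Neon's VMM-level implementation: the tag names, the `Tinted` wrapper, `derive`, and the two I/O check functions are assumptions made for illustration, the records are constructed, and tags are tracked per buffer rather than per byte as Neon does.

```python
from dataclasses import dataclass

# Policy tag names are assumptions for this example, not Neon's identifiers.
CORP_ONLY = "corp-only"        # data must not leave the enterprise network
MUST_ENCRYPT = "must-encrypt"  # data must be encrypted before reaching disk


class PolicyViolation(Exception):
    """Raised when an I/O operation would violate a tag carried by its data."""


@dataclass(frozen=True)
class Tinted:
    """A buffer together with the policy tags it has inherited."""
    data: bytes
    tags: frozenset = frozenset()


def derive(fn, *inputs):
    """Compute fn over the inputs' bytes; the output carries the union of
    every input's tags (the propagation rule from page 23), regardless of
    what fn does to the bytes."""
    out = fn(*(i.data for i in inputs))
    return Tinted(out, frozenset().union(*(i.tags for i in inputs)))


def write_to_disk(buf, encrypted):
    """Disk I/O enforcement point: a must-encrypt buffer may be written
    only through the encrypted path."""
    if MUST_ENCRYPT in buf.tags and not encrypted:
        raise PolicyViolation("must-encrypt data written in cleartext")
    return "written"


def access_router(packet, destination_internal):
    """Network egress enforcement point: corp-only packets are dropped
    unless the destination is inside the enterprise."""
    if CORP_ONLY in packet.tags and not destination_internal:
        return "dropped"
    return "forwarded"


def run_demo():
    # Constructed inputs with the tags assigned at their source.
    customer = Tinted(b"Jane Roe, SSN 000-00-0000", frozenset({MUST_ENCRYPT}))
    source = Tinted(b"int main(void) { return 0; }", frozenset({CORP_ONLY}))
    press = Tinted(b"Product launches in Q3")  # public, untagged

    # A report built from both tagged inputs inherits both tags, even though
    # the transformation (a byte-count summary) reveals neither input directly.
    report = derive(lambda a, b: b"summary:%d" % (len(a) + len(b)), customer, source)

    outcomes = {"report_tags": set(report.tags)}
    try:
        write_to_disk(report, encrypted=False)
        outcomes["cleartext_write"] = "written"
    except PolicyViolation:
        outcomes["cleartext_write"] = "blocked"
    outcomes["encrypted_write"] = write_to_disk(report, encrypted=True)
    outcomes["report_external"] = access_router(report, destination_internal=False)
    outcomes["report_internal"] = access_router(report, destination_internal=True)
    outcomes["press_external"] = access_router(press, destination_internal=False)
    return outcomes
```

The point the example makes is the one the slides make: the checks live at the I/O boundaries and never look at the bytes, so a derived summary is governed by the same tags as the records it came from, while untagged public data passes both checks.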

Page 25

Tons of other stuff…

• Runtime/PL Support for Distributed Computing [NSDI04, PLDI07]

• Low-overhead link-state routing

• Machine-learning for protocol recognition [IMC05]

• Modeling dependent failures [DISC05, EuroPar05, USENIX05, ICDCS03]

• Automated Availability Management [NSDI04, Infocom06]

• Resource Management in Federated Systems [SOSP03,WEPPS05,HPDC05,HOTOS05,EMNets05,Infocom05]

• Constant-time QoS scheduling [SIGCOMM03]

• Grid protocols, storage, group membership, etc…

Page 26

Finally, we know how to have fun too…

Page 27

Ultimately we faculty only make noise…

… the students make everything happen

Page 28