A Scalable High-Performance Active Network Node. Dan S. Decasper and Bernhard Plattner, ETH Zurich; Guru M. Parulkar, Sumi Chai, John D. Dehart, and Tilman.

Presentation transcript:

A Scalable High-Performance Active Network Node
Dan S. Decasper and Bernhard Plattner, ETH Zurich
Guru M. Parulkar, Sumi Chai, John D. Dehart, and Tilman Wolf, Washington University
Presenter: San-Chu Han, Yan Xiao, and Jin Zhang

Introduction
Two approaches in Active Networking:
- Programmable Switches
- Capsules

Convergence
Motivation:
- Some sort of code caching makes a lot of sense (network caching)
- Users use code from a set of code modules written by specialists instead of injecting their own programs into the network

Related Work
- ANTS (MIT): Capsule approach
- Smart Packets (BBN): Capsule approach
- Georgia Tech: Network Caching
- SwitchWare (Univ. of PA): Active Packet, Switchlet, Secure Active Router
- Scout/Joust (Univ. of AZ): Fastest Java environment for AN
- Netscript (Columbia University)

Active Networking Node (ANN)
- Hardware: Gigabit Environment
- Software:
  - NodeOS
  - Execution Environment

ANN Hardware
- A high number of processing elements (PEs) compared to the number of router ports
- Tight coupling between a processing engine and the network, as well as between the processing engine and a switch backplane
- Scalable processing power to meet the demands of active processing of packets

ANN Software Infrastructure
- NodeOS: Kernel
- Execution Environment (EE): active networking protocol-specific; DAN, Smart Packets, SwitchWare, IP, etc.

NodeOS
- Device Drivers (DD)
- Packet Classifier (PC)
- Selector Dispatcher (SD)
- Packet Scheduler (PS)
- Resource Controller (RC)
- Plugin Control Unit (PCU)
- Plugin Manager (PM)

Distributed Code Caching (DAN)
- Combination of the programmable switch and capsule approaches
- Replace the capsules’ program code by a reference to an active plugin stored on a code server
- Code fragment (plugin) is dynamically linked and executed like local code

DAN features
- Active Plugins in Object Code
- Security Addressed by Use of Well-Known Cryptography Techniques
- Minimization of Code Download Time
- Policies
- Integration with Existing Network Protocols

Active Plugins in Object Code
- Active plugins are programmed in higher-level languages such as C and compiled into object code for the ANN platform
- Once loaded, they are in no way different than any other code

Security Addressed by Use of Cryptography Techniques
- All active plugins stored on code servers are digitally signed by their developers
- Code servers are well-known network nodes that authenticate active plugins when sending them to ANN
- ANNs have the capability to check the plugin’s sources and developer before installing and running active plugins locally

Minimization of Code Download Time
- Probe packet
- Optimal code server arrangement
- Minimizing the distance between ANN and code server

Policies
- Acceptance of specified active plugins
- Plugin caching behavior: Setting timeouts for active plugins.

Integration with Existing Network Protocols
- Data link layer: Link layer control (LLC) SNAP field
- Network layer: IP options, especially IPv6
- Transport layer: Active plugin download can take place on connection setup

The DAN Execution Environment
- Active Function Dispatcher (AFD)
- Active Plugin Loader (APL)
- Policy Controller (PC)
- Security Gateway (SG)
- Plugin Database Controller (PDC)
- Plugin Request (PR)

Code Server
- Feature a database of active plugins
- Network nodes running a version of the DPMgmt
- End systems similar to database servers are better suited to be configured as code servers

Plugin Packages
- The code for one or more active functions
- The developer’s digital signature
- The code server’s authentication info.
- Configuration information
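
The checks named on the Security, Policies and Plugin Packages slides, sketched as an added example that is not code from the presentation or from the ANN/DAN system: a node admits a plugin package only if policy accepts it and both the developer's signature and the code server's authentication verify. Ed25519, the field names, the key names and the layout of the signed bytes are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// PluginPackage mirrors the four package parts listed above (field names assumed).
type PluginPackage struct {
	ID, Developer, Server, Config string
	Code, DevSig, ServerAuth      []byte
}
// body is what the developer signs: ID and config are bound to the object code.
func (p PluginPackage) body() []byte {
	return append([]byte(fmt.Sprintf("%q%q", p.ID, p.Config)), p.Code...)
}

type Keys map[string]ed25519.PublicKey // name -> trusted public key
// Node is the ANN's policy: trusted developers and code servers, accepted plugin IDs.
type Node struct {
	Developers, Servers Keys
	Accepted            map[string]bool
}

// Verify returns nil only if policy accepts the plugin and both signatures check.
func (n Node) Verify(p PluginPackage) error {
	if !n.Accepted[p.ID] {
		return fmt.Errorf("policy: plugin %q not accepted", p.ID)
	}
	if k, ok := n.Developers[p.Developer]; !ok || !ed25519.Verify(k, p.body(), p.DevSig) {
		return fmt.Errorf("developer signature invalid")
	}
	if k, ok := n.Servers[p.Server]; !ok || !ed25519.Verify(k, append(p.body(), p.DevSig...), p.ServerAuth) {
		return fmt.Errorf("code server authentication invalid")
	}
	return nil
}

func main() {
	devPub, dev, _ := ed25519.GenerateKey(nil) // fresh demo keys, constructed for this example
	srvPub, srv, _ := ed25519.GenerateKey(nil)
	n := Node{Keys{"dev1": devPub}, Keys{"cs1": srvPub}, map[string]bool{"demo": true}}
	p := PluginPackage{ID: "demo", Developer: "dev1", Server: "cs1", Code: []byte{1, 2, 3}}
	p.DevSig = ed25519.Sign(dev, p.body())                          // developer signs
	p.ServerAuth = ed25519.Sign(srv, append(p.body(), p.DevSig...)) // code server countersigns
	fmt.Println(n.Verify(p))                                        // <nil>
	p.Code[0] ^= 1                                                  // tamper after signing
	fmt.Println(n.Verify(p))                                        // developer signature invalid
}
```

Because the plugin ID and configuration are inside the signed bytes, relabelling a validly signed plugin with an ID that policy accepts fails the developer check instead of passing it.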

Conclusion and Future Work
- Three key components (factors)
- In the process of implementing the system
- Start working on a variety of applications: automatic protocol deployment and others