The Stanford Clean Slate Program

Slides:

Advertisements

Similar presentations

June 2007NSF Find Forensics and Attribution in Ethane Martin Casado Stanford University With: Michael Freedman, Justin Pettit, Jianying Luo, Natasha Gude,

Advertisements

Fundamental Issues of Future Internet Introduction, Design Goals and Principles Mingwei Xu Qingdao.

Grand Challenges in Networking Nick Feamster CS 7001.

Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:

The Stanford Clean Slate Program Nick McKeown Professor of Computer Science & Electrical Engineering.

Contents Shortcomings of QoS in the Current Internet About OpenFlow

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

1 Seminar on “Clean Slate Design for the Internet” Nick McKeown

PI Server Security Bryan S. Owen Omar A. Shafie.

The Future Internet: A clean-slate design? Nicholas Erho.

Flow Space Virtualization on Shared Physical OpenFlow Networks Hiroaki Yamanaka, Shuji Ishii, Eiji Kawai (NICT), Masayoshi Shimamura, Katsuyoshi Iida (TITECH),

OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.

Virtualization and OpenFlow Nick McKeown Nick McKeown VISA Workshop, Sigcomm 2009 Supported by NSF, Stanford Clean.

Future Internet A Sustainable Network Andrea Soppera – Network Research Centre BT Innovate.

June, 2006 Stanford 2006 Ethane: Addressing the Protection Problem in Enterprise Networks Martin Casado Michael Freedman Glen Gibb Lew Glendenning Dan.

1 GENI: Global Environment for Network Innovations Jennifer Rexford On behalf of Allison Mankin (NSF)

Future Research Directions Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

The Future of Internet Research Scott Shenker (on behalf of many networking collaborators)

Transport SDN: Key Drivers & Elements

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Information-Centric Networks10b-1 Week 13 / Paper 1 OpenFlow: enabling innovation in campus networks –Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru.

OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.

Chapter 8 Help is here!. Cabling Whenever you need cabling that will protect your signal from electrical interference there is only one correct answer:

Common Devices Used In Computer Networks

OpenFlow: Enabling Innovation in Campus Networks

How Emerging Optical Technologies will affect the Future Internet NSF Meeting, 5 Dec, 2005 Nick McKeown Stanford University

SANE: A Protection Architecture for Enterprise Networks

Sponsored by the National Science Foundation Workshop on Research Recommendations for the Broadband Task Force Chip Elliott GENI Project Director November.

A Simple Unified Control Plane for Packet and Circuit Networks Saurav Das, Guru Parulkar, Nick McKeown Stanford University.

Network Architecture: Design Philosophies IS250 Spring 2010 John Chuang

The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE Interface to the network and Devices Chapter.

A Framework for Internetworking Heterogeneous High-Performance Networks via GMPLS and Web Services Xi Yang, Tom Lehman Information Sciences Institute (ISI)

June, 2006 Stanford 2006 Ethane. June, 2006 Stanford 2006 Security and You  What does security mean to you?  Data on personal PC?  Data on family PC?

OpenFlow：Enabling Innovation in Campus Network

Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,

Cisco 3 - Switches Perrine - Brierley Page 112/1/2015 Module 5 Switches.

Concerns with Network Research Funding S.Floyd & R. Atkinson, Editors Internet Architecture Board draft-iab-research-funding-02.txt.

Clean Slate Seminar CS541: Fall 2007/8 Nick McKeown Guru Parulkar

Virtualization as Architecture - GENI CSC/ECE 573, Sections 001, 002 Fall, 2012 Some slides from Harry Mussman, GPO.

Information-Centric Networks Section # 13.2: Alternatives Instructor: George Xylomenos Department: Informatics.

1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.

1 June 9 th, WARD ICT Mobile Summit W D 4 WP1 - BIRD Business Innovation, Regulation and Dissemination Luis M. Correia, IST-TUL, PT Klaus.

Mobile IP THE 12 TH MEETING. Mobile IP  Incorporation of mobile users in the network.  Cellular system (e.g., GSM) started with mobility in mind. 

15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,

LESSON Networking Fundamentals Understand IPv4.

Chapter 1: Explore the Network

CIS 700-5: The Design and Implementation of Cloud Networks

NET 3710 WAN Data Networks.

Welcome Network Virtualization & Hybridization Thomas Ndousse

Local Area Networks Yiannos Mylonas.

The Digital High Street Parking Forum: Parking & the Digital High Street 1st June 2017 Kieran Fitsall Head of Service Improvement & Transformation.

Module 8: Securing Network Traffic by Using IPSec and Certificates

System Wide Information Management (SWIM)

How Global MPLS Service Brings World Altogether?

Four myths about GENI (and one recommendation)

Module 5 - Switches CCNA 3 version 3.0.

Why the Multistakeholder Approach Works

The Stanford Clean Slate Program

NETWORK BASICS Network - a communications, data exchange, and resource-sharing system created by linking two or more computers and establishing standards,

Chapter Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of various network.

Overview of ETS in Committee T1

Module 8: Securing Network Traffic by Using IPSec and Certificates

Ethane: Addressing the Protection Problem in Enterprise Networks

Nick McKeown High Performance Networking Group Stanford University

Chapter-6 Access Network Design.

Ethane: Addressing the Protection Problem in Enterprise Networks

Overview of Networking

Presentation transcript:

The Stanford Clean Slate Program Issues in Future Internet Design Nick McKeown Stanford University Broadnets, October 4, 2006 The Stanford Clean Slate Program http://cleanslate.stanford.edu 100x100 Clean Slate Program http://100x100network.org

We have lost our way The simple default-on end-to-end network is long-gone. It is hard to reliably identify users, to stop them from causing harm, and hold them accountable. It is hard to support mobile users and data. We are not enjoying the efficiencies of a lightweight, statistically shared infrastructure. There are still many things we’d be frightened to do: e.g. air-traffic control, telesurgery. The network is unreliable. We are tweaking. The research community has a lot to answer for: we’ve been stuck in incrementalism and backward compatibility. There is change afoot … NSF FIND and GENI.

A Future Internet Robust and available Inherently secure Support mobile end-hosts Economically viable and profitable Evolvable Predictable Anonymity where prudent … …accountability where necessary Improving the lot of the user The list is simple, but getting there is not at all obvious.

Was: Non-issues Became: What not to attempt Don’t base research on guesses of what the applications will be: All previous attempts failed Ditto for physical layers Expect rampant and unpredictable innovation in both

Chronology 2005: A sea-change in the networking research community Prompted by NSF 100x100 Clean Slate Program NSF FIND: Funding for architectural ideas NSF GENI: Creating a platform for experimenting with new architectures, services and technologies 2006: A large community-wide effort GENI planning process Programs starting in Europe and Asia

100x100 Clean Slate program: How we are proceeding Clean Slate Approach Leverage Network Structure Holistic Design

Stanford Clean Slate Program: How we are proceeding Bring together a broad set of experts from different disciplines. Create new research programs in five areas. Include theory, architecture, and demonstration.

The Stanford Clean Slate Program Create a breeding ground for new collaborative projects across boundaries Projects that will have significant impact in 10-15 years Exploit Stanford’s breadth and depth Work closely with a focused group of committed industrial partners

Projects underway Projects Clean-slate approaches to security for private and public networks Boneh, Mazieres, McKeown, Rosenblum How to incorporate high capacity optics in the network core? Kazovsky, McKeown Theory: Flow-level models and scaleable queueing theory Prabhakar, Saberi Wireless & Economics: Cooperation and Competition in Wideband Wireless Resource Allocation Goldsmith, Johari Other Stanford Clean Slate projects Clean Slate design of predictable, resilient backbone networks Clean Slate congestion control to minimize download time Programmable nationwide backbone network

An Illustrative Example: Clean Slate Approach to Security for Enterprise/Private Networks Centrally administered Network security is important Someone has a security policy in their head or on paper

Problem “Default-on” communication model Access control filters (ACLs) implemented in every router/firewall to determine which flows are allowed (based on <src IP, dst IP, src Port, dst Port, Protocol> tuple) Often misconfigured or incomplete When paths change, easily circumvented Access control tied to packets, not services, users, end-hosts Therefore: fragile; “choke points”; hard to tell if security policy is implemented correctly.

Approach “Default-off” Communication To communicate: Topology opaque User authenticates with network, Asks for permission to communicate Network compares request against security policy If allowed, install state in network for this dialog Route controlled by security policy Permission not checked against policy for each packet Topology opaque

Ethane Prototype to test/use SANE ideas Interoperates with unmodified clients Ethernet version of SANE Based on custom “Domain Controller” and custom Ethernet switches Decntralized trust -> know where to put man with gun (XXX: make sure these are symmetric with the problems with IP)