Author: David Wetherall
Presented by: Gokul Nadathur
Active Networks: Visions and Reality

Tour Guide
- Introduction
- Design of ANTS
- Implementation of ANTS
- Protection and resource management issues
- What's beyond active networks …

What is an Active Network?
Network architecture that allows:
- Application-customized code to be dynamically deployed in the network
- Code to be executed in a controlled framework within the network
Similar to extensible operating systems (SPIN, Synthesize etc.)
Packet = Code + data

Motivation
- Dynamic deployment of new Internet services
- Online auctions
  - Client submits bids
  - Central server processes bids
  - Responds to requests for current price
  - During high load on server, current price may become invalid by the time it reaches the client
[Figure: Schema for Auction Service. Labels: Server, Client, Bid, Result]

Auction Service in an Active Network
[Figure labels: Client, Active Router, Server, Bid, Fail, Filter]
- Customized forwarding routine in active router
  - if (bid is valid) success else fail
  - Filters low bids in the network before they reach the server
- Server periodically updates current prices to active routers
- Lowers load on server

Apprehensions
- Security
  - Untrusted user code executing in core routers: is it safe?
- Efficiency
  - Dynamic code distribution consumes bandwidth
  - Every packet now requires additional processing
  - Auction Service example:
    - Every router has to check if (user bid > current bid)
    - Kills packet forwarding performance

ANTS
- Architecture designed to provide extensible network layer service
- Routers are active
- Extendable at packet level in the form of capsules
- A code distribution scheme

Entities in ANTS
- Active Nodes:
  - Programmable routers connected to IP routers through network channels
  - Maintain a cache of forwarding code (protocols) and data used by different services
  - Responsible for secure execution of forwarding code

Capsules
- Type
  - Identifier for the forwarding routine to be executed (carries code by reference)
- Previous address
  - Where to get the forwarding routine from if it is not available in the present node (code distribution)
- Dependent fields
  - Parameters for the forwarding code
- Payload
  - Header + data of higher layers
[Figure: capsule layout, labelled "ANTS Header"] IP header | Version | Type | Previous Address | Dep fields | Payload

Example
- Online auction:
- FILTER capsule: sent periodically by server to update current bids
- BID capsule: used by client to submit bid
- Forwarding code not found?
- Code provided by end-user software
- Lightweight code distribution within the network
[Figure labels: Server, Active Router (Caches Forwarding Code), Client, Bid, Code Request, Code, Previous Address field]

Code Distribution
[Flowchart]
1. Capsule arrives: extract Type
2. Check in cache
   - Yes: continue execution
   - No: suspend execution
3. Fetch code from Previous Addr
4. Receive response (discard on timeout)
5. Bootstrap code to cache
6. Wake up capsule
7. Continue execution

Code Distribution (Contd)...
- Need for bootstrap capsules to transfer code
- Well-known type (system capsules)
- Directory service for selecting protocols
- Advantages
  - Adapts to packet loss, node failures, changing routes
- Disadvantages
  - High latency of loading can trigger end-system timeouts

Implementation
[Figure labels: Application, Active Node Runtime, Soft Store (cached code + data), CH 1, CH 2, Capsule, Node API, IP Packet]
User-level process in Java
- Node Runtime:
  - Schedules and executes capsule instances
  - Controlled access of soft store using restricted API
- Channel class: creates Capsule instance from IP packet
- Capsule: executes custom forwarding routines from cache

Protection Schema
- Type: MD5 fingerprint of forwarding routine
  - Prevents code spoofing
  - Provides authentication-free foundation
- Java sandbox
  - Prevents untrusted code from corrupting node runtime
  - type field is defined as constant
  - Impossible to create a firewall
  - Very slow (PLANet: 3 times faster)

Protection Schema...
- Code is read-only
- Data is protected by hashing the store on the type of service to which it belongs
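
The demand-loading flow from the Code Distribution slides combined with the MD5 fingerprint check from Protection Schema, as an added Python sketch that is not ANTS code (ANTS itself runs in Java). The `ActiveNode` class, its method names, the addresses and the sample routine bytes are constructed for illustration.

```python
import hashlib

def fingerprint(code: bytes) -> str:
    # Capsule type = MD5 fingerprint of the forwarding routine (per the slide).
    return hashlib.md5(code).hexdigest()

class ActiveNode:
    def __init__(self, forced_reply=None):
        self.cache = {}                   # type -> forwarding code
        self.peers = {}                   # address -> node (stands in for a channel)
        self.forced_reply = forced_reply  # if set, answer every code request with this

    def install(self, code: bytes) -> str:
        ctype = fingerprint(code)
        self.cache[ctype] = code
        return ctype

    def serve_code(self, ctype):
        # Reply to a code request; None models a lost request or reply.
        return self.forced_reply or self.cache.get(ctype)

    def receive(self, ctype: str, prev_addr: str) -> str:
        if ctype not in self.cache:                  # check in cache: miss
            peer = self.peers.get(prev_addr)         # suspend, ask the previous node
            code = peer.serve_code(ctype) if peer else None
            if code is None:
                return "discarded: timeout"
            if fingerprint(code) != ctype:           # fetched code does not match type
                return "discarded: fingerprint mismatch"
            self.cache[ctype] = code                 # bootstrap code into cache
        return "executed"                            # wake capsule, continue execution

def demo():
    bid_code = b"forward if bid > current_price else fail"   # constructed sample routine
    honest, router = ActiveNode(), ActiveNode()
    spoofer = ActiveNode(forced_reply=b"forward everything")
    bid_type = honest.install(bid_code)
    router.peers = {"10.0.0.1": honest, "10.0.0.2": spoofer}
    return [
        router.receive(bid_type, "10.0.0.9"),   # no such previous node: times out
        router.receive(bid_type, "10.0.0.2"),   # substituted code is rejected
        router.receive(bid_type, "10.0.0.1"),   # honest fetch is verified and cached
        router.receive(bid_type, "10.0.0.2"),   # cache hit, spoofer is never asked
    ]

if __name__ == "__main__":
    print(demo())
```

MD5 is the hash the slide names; it is no longer collision resistant, so a current design would use SHA-256 for the same check.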

Shared State Protection
- R/W sharing of cached state between related capsule types
- Auction example:
  - FILTER capsule sent by server updates current bids
  - BID capsule sent by client uses this data to validate its bid
- Hierarchical fingerprint for shared state:
  - Complex type identifiers for shared state
  - Forwarding routines A and B share state
  - Type identifier for shared state: (A, (A, B)_H)_H and (B, (A, B)_H)_H
  - Identifies a single service (A, B)_H to which both A and B belong
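
An added Python sketch (not ANTS code) of the hierarchical fingerprint above, reading the subscript H as the MD5 fingerprint and assuming the node receives a service's routines as one group so that it can compute (A, B)_H itself. `SoftStore`, the length-prefixed encoding and the sample routines are hypothetical.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") hash differently.
    m = hashlib.md5()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

class SoftStore:
    """Node cache partitioned by service id; a capsule reaches only its own partition."""
    def __init__(self):
        self.type_to_service = {}   # capsule type -> service id
        self.state = {}             # service id -> shared data for that service

    def load_group(self, routines):
        service = H(*routines)                             # (A, B)_H
        types = [H(code, service) for code in routines]    # (A, (A, B)_H)_H, ...
        for t in types:
            self.type_to_service[t] = service
        self.state.setdefault(service, {})
        return types

    def partition(self, capsule_type):
        return self.state[self.type_to_service[capsule_type]]

def demo():
    # Constructed stand-ins for the auction routines and an unrelated one.
    FILTER, BID, ROGUE = b"filter: set price", b"bid: compare", b"rogue: read price"
    store = SoftStore()
    t_filter, t_bid = store.load_group([FILTER, BID])
    (t_rogue,) = store.load_group([ROGUE])
    # Shipping the auction code next to the rogue routine yields a new service id.
    t_join = store.load_group([FILTER, BID, ROGUE])[2]
    store.partition(t_filter)["price"] = 120            # FILTER capsule updates the price
    bid_ok = 150 > store.partition(t_bid)["price"]      # BID capsule reads shared state
    return (bid_ok,
            "price" in store.partition(t_rogue),
            "price" in store.partition(t_join),
            t_filter != t_bid)

if __name__ == "__main__":
    print(demo())
```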

Resource Management
- Unbounded utilization of
  - Computing resources (long forwarding routines)
  - Network bandwidth (flooding child capsules)
- Solutions:
  - Watchdog timers for breaking long forwarding routines
  - TTL to limit number of hops
  - Static limit on fanouts
- Application floods network
  - Network-based resource allocation

Open Issues
- Administrative issues
  - Who can introduce new services?
  - Hackers' paradise
- Open research area: a killer application?

And Beyond …
- Radio Active Networks
  - Adaptable wireless network architecture
  - Extend programmability to physical layer
  - Uses Software Radios and Active Networks
  - Higher layers interact with physical layer to observe changing conditions
  - Based on the change, appropriate physical layer is selected
- Example: basestation to mobile system
  - Dynamically create channels according to mobile host population
  - Create channels of different priority and QoS