Enabling Active Networks Services on A Gigabit Routing Switch Tal Lavian and the Openetlab Team.

Presentation transcript:

Slide 1: Enabling Active Networks Services on A Gigabit Routing Switch. Tal Lavian and the Openetlab Team

Slide 2: Contents
- Challenges of customized networking and the Active Networks approach
- The Gigabit Routing Switch: Accelar
- The ORE programmability
- ORE services and customer deployment
- The ORE ANTS: an example of injecting AN services into network nodes
- Summary

Slide 3: Challenges of Customized Networking
- Ever more functionality is done in hardware
  - good: faster processing
  - bad: fewer opportunities to introduce new services inside the network
- Legacy network nodes employ a static, well-defined set of protocols
  - closed systems that allow configuration of existing services but not the addition of new ones
  - unsuitable for hosting the deployment of customer services, including Active Networks services

Slide 4: Active Networks
- A "programmable" user-networking approach
  - injects network services into the network on the fly
  - supports per-flow service customization
  - enables ISPs and individuals to add their own services
- To support AN, the hardware should provide
  - enough processing power to complete the AN computation
  - programmability through open networking APIs

Slide 5: The Accelar Routing Switch
- A Nortel Networks L3 routing switch family
  - distributed ASIC forwarding architecture
  - packet forwarding up to 256 Gbps
  - VxWorks real-time OS
  - ORE networking programmability
- High performance through two separate planes
  - Forwarding plane: forwards packets at wire speed
  - Control plane: processes policy control and hosts the ORE services

Slide 6: Accelar Programmable Networking (diagram)
Figure: the control plane (CPU system running the ORE network services) sits above the switching fabric; the forwarding plane consists of several forwarding processors, each with its own forwarding rules and statistics/monitors, forwarding traffic packets at wire speed. Through JFWD, filtered packets are passed up from the forwarding plane to the ORE and new rules are pushed down into the forwarding processors.

Slide 7: The ORE Programmability
- ORE: the Oplet Runtime Environment, for injecting customized software into the network
  - an open platform for secure downloading, installation, and safe execution of Java code
  - provides a user-level service API
  - network services are implemented in Java

Slide 8: The ORE Programmability
- Oplet: a self-contained downloadable unit
  - encapsulates one or more services
  - carries service attributes such as dependencies
  - secure downloading and service installation
- Service: downloadable code that implements a specific function
  - includes Active Networks services (execution environments, EEs)
  - can be built on top of other services
  - examples: filtering packets, altering forwarding priority, diverting packets

Slide 9: ORE Architecture (diagram)
Figure: on the switch CPU and memory, a JVM hosts the ORE. Beneath it, JNI/native code (JFWD) connects to the forwarding engine: filtered packets and monitor status come up, new forwarding rules go down. Above the ORE run the oplets: standard services (OpletService, Shell, Logger), function services (Jcapture, HTTP, IpPacket) and user-defined services (ANTS, Firewall, DiffServ).

Slide 10: ORE Services
Three categories:
- Standard: ORE-specific APIs for customer service encapsulation and management
- System: low-level APIs for access to the underlying platform, such as packet forwarding and processing
- Customized: user-level service APIs
  - Function: ORE or user services for common use
  - Oplets: application-specific customer services

Slide 11: ORE Services, System Services
- JFWD: Java Forwarding API (see next slide)
- JMIB: platform MIB access; provides access to hardware instrumentation
- JPCAP: packet capturing; exposes the local Berkeley libpcap

Slide 12: ORE Services, JFWD
JFWD, a system service:
- Java Forwarding API, platform-independent
- controls packet processing and forwarding
- provides access to the hardware instrumentation
- typical network mappings
  - IP filters: drop, forward and capture packets
  - IP routing
  - MAC address, ARP and VLAN
- native implementations on Accelar and Linux

Slide 13: ORE Services, Standard Services
- OpletService: Oplet service API; extended to define service descriptions and interfaces
- ManifestOplet: abstract Oplet encapsulation interface; implemented to create service-specific oplets
- Start: ORE startup service; loads the given services at startup
- Shell: telnet-like user interface; provides shell commands to manipulate oplets and to start or stop network services
- Logger: ORE log service; provides runtime logs

Slide 14: ORE Services, Customized Services
- HTTP: HTTP service
- Jcapture: packet capturing service
- IpPacket: IP packet utility; constructs IP/TCP/UDP headers and payloads
- JMIB: platform MIB access; provides access to hardware instrumentation
- JPCAP: packet capturing; exposes the local Berkeley libpcap

Slide 15: Customer Service Deployment
- Customer service programming
  - regular Java programming
  - two ORE APIs: OpletService and ManifestOplet
- Service code is packed in a jar and stored on download servers
- The ORE downloads the service code and starts the requested services as instructed
- A service can be built using other services

Slide 16: Customer Deployment, ORE API
OpletService: the ORE base service
- extended by the customer's service interface classes to define the service description and interfaces
- customers also provide service implementation classes that implement those interfaces
- a service implementation class should include two additional private methods, one to start and one to stop the service function

Slide 17: Customer Deployment, ORE API
ManifestOplet: the abstract oplet interface
- implemented by customers as concrete oplets that encapsulate the service code
- has two methods, startService() and stopService(), to register or deregister a service at runtime
- accompanied by manifest files that carry the service information: oplet name, service description, dependencies and package name

Slide 18: Customer Deployment, Package
What is included in a service package?
- Hello.class: the service interface class; extends OpletService
- HelloImpl.class: the service implementation class; implements the interface Hello
- HelloOplet.class: the Oplet class; implements ManifestOplet and encapsulates the service Hello
- HelloOplet.mf: the service manifest file; provides the service information

Slide 19: Customer Deployment, Start
How to start customer services? At least two ways:
- at startup
  - the ORE startup service (Start) starts the services listed in "start.properties", which lives in the same directory as the service package "start.jar"
  - edit "start.properties" to add or remove your service packages
- at runtime
  - customers can use the ORE shell service to manipulate services via "telnet OREHOST 1999"; the whole service lifecycle can be driven this way
  - through the ORE API, from remote applications
Note that telnet carries the session in cleartext and the shell can start or stop any service, so access to port 1999 on the switch must be confined to a trusted management network.
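The deployment slides above name the four artifacts of a service package (Hello, HelloImpl, HelloOplet, HelloOplet.mf) and the start/stop lifecycle, but show no code. The following is an added example written for this page, not ORE code from Nortel: it lays the four artifacts out in one Java file and drives them through a hypothetical ServiceRegistry that stands in for the ORE runtime, refusing to start an oplet whose manifest dependency is not running. Because the deck gives only the names OpletService, ManifestOplet, startService() and stopService(), the interface signatures, the manifest key names, the Logger stand-in and the registry are all assumptions.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// ASSUMED shape of the ORE base service API (slides 13 and 16); only the name is from the deck.
interface OpletService {
    String description();
}

// ASSUMED shape of the abstract oplet interface (slide 17); the real parameters are not shown.
interface ManifestOplet {
    void startService(ServiceRegistry registry);
    void stopService(ServiceRegistry registry);
}

// Hypothetical stand-in for the ORE's registry of running services.
final class ServiceRegistry {
    private final Map<String, OpletService> services = new HashMap<>();
    public void register(String name, OpletService s) { services.put(name, s); }
    public void deregister(String name) { services.remove(name); }
    // Fails fast when a service another oplet depends on is not running.
    public <T extends OpletService> T lookup(String name, Class<T> type) {
        OpletService s = services.get(name);
        if (s == null) throw new IllegalStateException("dependency not running: " + name);
        return type.cast(s);
    }
    public Set<String> running() { return Collections.unmodifiableSet(services.keySet()); }
}

// Stand-in for the standard Logger service (slide 13); interface shape assumed.
interface Logger extends OpletService { void log(String msg); }

final class ConsoleLogger implements Logger {
    public String description() { return "Logger: ORE log service"; }
    public void log(String msg) { System.out.println("[ore] " + msg); }
}

// Hello.class: the service interface, extends OpletService (slide 18).
interface Hello extends OpletService {
    String greet(String who);
}

// HelloImpl.class: the implementation, with the start/stop hooks of slide 16.
final class HelloImpl implements Hello {
    private final Logger log;   // a service built on top of another service (slide 15)
    private boolean active;
    HelloImpl(Logger log) { this.log = log; }
    public String description() { return "Hello: demonstration service"; }
    public String greet(String who) {
        if (!active) throw new IllegalStateException("Hello service is stopped");
        return "Hello, " + who;
    }
    // The slides call these private hooks; how the ORE reaches them is not shown,
    // so they are package-private here and invoked directly by the oplet.
    void start() { active = true; log.log("Hello started"); }
    void stop()  { active = false; log.log("Hello stopped"); }
}

// HelloOplet.class: implements ManifestOplet and encapsulates Hello (slides 17 and 18).
final class HelloOplet implements ManifestOplet {
    private HelloImpl impl;
    public void startService(ServiceRegistry reg) {
        Logger log = reg.lookup("Logger", Logger.class);   // throws if Logger is not up
        impl = new HelloImpl(log);
        impl.start();
        reg.register("Hello", impl);
    }
    public void stopService(ServiceRegistry reg) {
        reg.deregister("Hello");
        if (impl != null) impl.stop();
    }
}

public class OreStartupDemo {
    // Constructed stand-in for HelloOplet.mf: the fields are those slide 17 lists,
    // the key names and the "Key: value" layout are assumptions.
    static final String HELLO_MF =
        "Oplet-Name: HelloOplet\n" +
        "Service-Description: demonstration greeting service\n" +
        "Dependency: Logger\n" +
        "Package: com.example.ore.hello\n";

    static Map<String, String> parseManifest(String text) {
        Map<String, String> m = new LinkedHashMap<>();
        for (String line : text.split("\n")) {
            int colon = line.indexOf(':');
            if (colon > 0) m.put(line.substring(0, colon).trim(), line.substring(colon + 1).trim());
        }
        return m;
    }

    public static void main(String[] args) {
        ServiceRegistry reg = new ServiceRegistry();
        reg.register("Logger", new ConsoleLogger());   // standard service, brought up by the ORE first

        Map<String, String> mf = parseManifest(HELLO_MF);
        for (String dep : mf.getOrDefault("Dependency", "").split(",")) {
            if (!dep.trim().isEmpty()) reg.lookup(dep.trim(), OpletService.class);  // check before starting
        }
        ManifestOplet oplet = new HelloOplet();
        oplet.startService(reg);                        // what Start or a Shell command would trigger
        System.out.println(reg.lookup("Hello", Hello.class).greet("Accelar"));
        oplet.stopService(reg);                         // deregisters Hello; Logger keeps running
        System.out.println("running after stop: " + reg.running());
    }
}
```

Compile and run with javac OreStartupDemo.java && java OreStartupDemo. The point of the registry lookup in startService() is that the dependency line of the manifest is enforced at activation time rather than discovered as a NullPointerException later; in the real ORE the equivalent check would sit in the Start service or the Shell before the oplet's code is given control.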

Slide 20: Customer Deployment, To Accelar
Injecting customer services onto the Accelar:
- service code (i.e., jars) is stored on external servers for downloading
- services can be activated at startup or at runtime
- once activated successfully, the services behave like native services on the Accelar

Slide 21: ORE ANTS on the Accelar
Deploying ANTS on the Accelar using ORE:
- MIT ANTS distribution
  - version 1.2
  - no modification to the ANTS code
- on the Accelar 1100B routing switch
- ORE version
- ORE ANTS package
- URL: “
An Active Networks service implementation

Slide 22: ORE ANTS, Service
Service "AntsNodeService":
- wraps the MIT ANTS code
- package "com.nortelnetworks.ore.service.ants"
  - AntsNodeService.class: the AntsNodeService interface
  - AntsNodeServiceImpl.class: the service implementation
  - AntsNodeOplet.class: the Oplet
  - AntsNode.mf: the manifest
- service interfaces
  - getNode(): connects to the ANTS code
  - getConfiguration(): sets up the service using the ANTS configuration

Slide 23: The ANTS Ping (APing) Test
The ORE ANTS service was tested with APing on an experimental active network built within Nortel:
- Accelar 1100B: the active router, running ORE ANTS
- Sun workstation 1: the destination active node, running MIT ANTS
- Sun workstation 2: the source active node, running MIT ANTS (and APing)
- Linux PC: the HTTP server providing the ORE service jar packages and the ORE ANTS configuration

Slide 24: ORE ANTS Testbed (diagram)
Figure: the source host (Sun workstation 2, running ANTS with APing) and the destination host (Sun workstation 1, running ANTS) communicate through the ORE ANTS active router (Accelar 1100B switch); the diagram also shows a conventional router on the path. The active router downloads its oplets from the HTTP server (Linux PC).

Slide 25: Summary
- ORE brings programmability to the network
- The ORE ANTS deployment on the Accelar is a successful instance of injecting Active Networks (AN) services into network nodes
- Porting AN services to ORE is rather easy
- Where necessary, customers use JFWD or other system services to access underlying resources or hardware instrumentation
- Open work on the Accelar: a stronger control CPU and more flexible ASIC programmability