May 28-29, 2002 1 DANCE Exposition Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines Tal Lavian - Nortel Networks.

Presentation transcript:

May 28-29, DANCE Exposition Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines Tal Lavian - Nortel Networks Advanced Technology Labs Open Source -

Outline of the talk: Driving Forces Openet AFM Enabling Mechanism Realization with Openet Passport Application Examples Openet Alteon: AN platform Next step Conclusion

Driving Forces
- Introducing services on-demand
- Assuring Quality of Service
- Addressing Impedance Mismatch
- Demanding Programmability
Users – Service Providers – Network Providers

Introducing Services on-demand
[Diagram: Network Device; Dynamic loading; HW; OS; VIRTUAL ENVIRONMENT; React; Monitor; Authentication; Security; Services & Control Intelligence application]

Programmability
A significant challenge in today’s Internet is the ability to efficiently incorporate customizable network intelligence in commercial high performance network devices.
—Framework for introducing services
—API for programming network devices

Impedance Mismatch
[Diagram: Core Networks (WAN); Residential; Enterprise LAN; Intranet; Access (Edge); Carrier Network; ISP Network; User Network; User Connections; HTTP, RTP, TCP, UDP, etc; Fiber; Optical World]

AN Solution
- The active networks (AN) approach opens an exciting opportunity for individual applications to define the service provided by the network through programmability.
- Active Networks technologies expose a novel approach that allows customer value-added services to be introduced to the network “on-the-fly”.
- The Active Nets program has produced a new network platform that is flexible and extensible at runtime to accommodate the rapid evolution and deployment of network technologies.
- The exciting opportunity exists for network service providers and third parties, not just the network device providers, to program the network infrastructure and services.

AN issues
Lack of industrial-strength Active Network devices that dispel major concerns:
- AN requires substantial support from a NOS
- AN introduces a substantial software component, hence delay on the data path
- AN lacks adequate measures to address the integrity and security of network devices

Openet Platform = Active Nets Enabling Platform = Programmable Networking Solution
[Diagram: Passport Router; Openet; Active Flow Manipulation (AFM); Programmable Openet Passport Platform]

Passport Router - Separation of Control and Forwarding Planes
- Centralized, CPU-based Router: Control + Forwarding Functions combined (CPU, Routing SW; Slow)
- Forwarding-Processors Based Router: Control separated from forwarding (CPU Control Plane; Forwarding Processors; Wire Speed)

Openet: a view from a node
[Diagram: Control Plane; CPU; JVM; MEM; JNI/Native Code; ORE; JFWD; User Oplets; OpletService, Shell, Logger; Jcapture, HTTP, IpPacket; Standard Services; ANTS, Firewall, DiffServ; Application services; Function Services; Data Plane; Forwarding Engine; Filtered packets; New forwarding rules; Monitor status]

Control Functions
[Diagram: CE; FE; Control; Intensive computation; (1); (2); (3)]
1) Control functions that reside wholly in the control plane
2) Control functions that insert software in the critical data path
3) Control functions that allow control entities to act both in the control plane and in the data forwarding plane without adding software in the data path
CE: Control Element
FE: Forwarding Element

Active Flow Manipulation Abstractions
- Aggregate data into traffic flows
—Flows whose characteristics can be identified in real-time
—E.g., “all UDP packets to a particular service”, “all TCP packets from a particular machine”.
- Actions to be performed in the traffic flows
—Actions that can be performed in real-time
—E.g., “Change the priority of all traffic destined to a particular service on a particular machine”, “Stop all traffic out of a particular link of a router”.

Active Flow Manipulation
[Diagram: Forwarding Processor; Packet; Policy Filters; AFM; Packet Filter; Packet Action]
- A key enabling technology of Openet
- Two abstractions
—Primitive flows
—Primitive actions
- Customer network services exercise active network control
—Identifying specific flows
—Apply actions to alter network behavior in real-time

Identifiable Elements of Primitive Flows
Table 1: The primitive flow set of identifiable elements
- Destination Address (DA)
- Range of Destination Address (RDA)
- Source Address (SA)
- Range of Source Address (RSA)
- Exact TCP protocol match (TCP)
- Exact UDP protocol match (UDP)
- Exact ICMP protocol match (ICMP)
- Source Port number, for both TCP and UDP (SP)
- Destination Port number for both TCP and UDP (DP)
- TCP connection request (TCPReg)
- ICMP request (ICMPReg)
- DS field of a datagram (DS)
- IP Frame fragment (FrameFrag)

Primitive Permissible actions
- Drop
- Forward
- Mirror
- Stop on Match (SOM)
- Detect Out of Profile behaviour (Out)
- Change DSCP value (DSCP)
- Prevent TCP Connect Request
- Modify IEEE 802.1p bit
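
The flow elements and permissible actions listed above can be modelled as an ordered filter table applied to each packet. The following Python model is an added example, not Openet or Passport code; the class and rule names, the top-to-bottom evaluation order, and the reading of Stop on Match as "skip the remaining filters" are assumptions.

```python
# Added example, not Openet code. Field names follow Table 1; ordered
# evaluation and the Stop on Match (SOM) semantics are assumptions.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed packet model: SA, DA, protocol, SP, DP, DS field.
Packet = namedtuple("Packet", "sa da proto sp dp ds", defaults=(0, 0, 0))

@dataclass
class Filter:
    name: str
    actions: list                  # e.g. [("DSCP", 46), ("SOM",)]
    rsa: str = "0.0.0.0/0"         # RSA; a single SA is a /32
    rda: str = "0.0.0.0/0"         # RDA; a single DA is a /32
    proto: str = None              # exact TCP/UDP/ICMP match
    sp: int = None
    dp: int = None

    def matches(self, p):
        return (ip_address(p.sa) in ip_network(self.rsa)
                and ip_address(p.da) in ip_network(self.rda)
                and self.proto in (None, p.proto)
                and self.sp in (None, p.sp)
                and self.dp in (None, p.dp))

def apply_filters(filters, p):
    """Return (verdict, dscp, mirrored, names of filters that fired)."""
    verdict, dscp, mirrored, fired = "Forward", p.ds, False, []
    for f in filters:
        if not f.matches(p):
            continue
        fired.append(f.name)
        for kind, *arg in f.actions:
            if kind == "DSCP":
                dscp = arg[0]
            elif kind == "Mirror":
                mirrored = True
            elif kind in ("Drop", "Forward"):
                verdict = kind
        if verdict == "Drop" or ("SOM",) in f.actions:  # assumed terminal
            break
    return verdict, dscp, mirrored, fired

RULES = [  # constructed policy built from the slide's two example flows
    Filter("voice-priority", [("DSCP", 46), ("SOM",)], rda="10.0.0.5/32", proto="UDP", dp=5004),
    Filter("quarantine-host", [("Mirror",), ("Drop",)], rsa="10.0.9.7/32", proto="TCP"),
    Filter("default-mark", [("DSCP", 0)]),
]
```

Without the SOM action on the first rule, the later catch-all rule would overwrite the DSCP value it set, which is why rule order and terminal actions need review whenever a service installs new filters.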

Openet on Passport Router
[Diagram: Control Plane; CPU System; ORE; Active Networks Services; Active Services; System Services; Switching Fabric; Data Plane (Wire Speed Forwarding); Forwarding Processors, each with Forwarding Rules and Statistics & Monitors; Traffic Packets; Monitor status; New rules]

Openet Framework
Openet Architecture with Passport Switches

Example 1: Active Flow Priority Change in Real-time

Example 2: JDiffserv on Passport
[Diagram: Linux PC; Passport 8600; Passport 1100B; UDP; UDP sender; UDP receiver; Diffserv Monitor; Device Console; HTTP server; JDiffserv; Diffserv-enabled Network]

Example 3: Regatta - Fault Recovery
- Automated supervision
- Minimal service interruption
- Heartbeats

Current Development: Programmable Services Solution
[Diagram: Alteon-iSD; Openet; Extended Active Flow Manipulation (AFM); Openet Alteon-based Active Nets Platform]

Openet Alteon Active Nets Platform = A Powerful Platform for AN Technologies Transfer
A powerful and extensible control and computational plane
—Partitioning hardware/software resources
—Active service enabling
—content filtering in real-time
—active services accommodation
[Diagram: L2-L7 filtering; Content processing; Power computing; Optical; Wireless router; Content gateway; Edge Device; Openet]

Solutions’ Features
- Real-time Filtering — Ability to poke at the device’s data flows
- Processing Power — Ability to perform intensive processing
- Enabling Services — Introducing services on-demand
- Programmable Services — Enabling active and adaptive services
- Impedance Matching — Addressing mismatches between disparate domains, disparate technologies

Openet Alteon AN Platform for SMDS
Streaming Media Distribution Service
- 1 Real server on Linux or NT, 2~8 Real Players on Solaris
- SMDS on iSD
  - Real Player RTSP request filter and interception
  - Real Server reply real-time stream filter and replication
  - RTSP session setup by replicating first 16 packets cached
[Diagram: Real Server 8; SMDS service; Real Player 1; Linux/X86; Sun/Solaris; Real Player 2; Alteon; 1st Client RTSP Request; Server reply; Packet Redirection; rtsp://pcary1gc/real8video; rtsp://pcary1gc:5454/real8video; iSD; Packet Writeback; RTSP intercept; Packet Replicate; Client Register]

A Simple EvaQ8 concept
[Diagram: Control Mesg; 8600; OmniNet; G; 1G; A; B; C; D; X; Y; Z; B1; B2; B3; OmniNet Control Plane [Linux]; TL1; Alteon iSD (three); EvaQ8 OG - 1; EvaQ8 OG -2; EvaQ8 OG; Disaster Event/Environ. Sensor]
1. Normal App flow: Client X -> Server Z
2. Disaster strikes at Location Z
3. EvaQ8 OG 3 sends a signal [RSVP] to OG1
4. OG1 instructs OmniNet to connect B2 & B3; Server Z and Server Y data synced
5. On successful sync, OG2 instructs OmniNet to connect B1->B2.
6. Service restored for Client X -> Server Y

What next? Service-centric Active Nets Platform
[Diagram: SERVICES; Manage; Service Enabling; Control; Impedance Matching; Intra-Service Comm; Security]
- Service Enabling API
- Control API
- Impedance Matching API
- Security API
- Management API
- Intra-service Communications API

Summary
- Openet – our Networking Programmability
- Commercial network programmable hardware
- New AN platform: Openet + Alteon + iSD
—Alteon: AN platform on an advanced content switch
—iSD: powerful & extensible computation plane
- Enables AN technologies transfer
- Promoting an edge device service-centric platform

Q&A
OpenetLab – Nortel Networks: