Network Middleware for Next- Generation Network Computing Martin Swany University of Delaware Visiting Professor, CERN.

Slides:

Advertisements

Similar presentations

Photonic TeraStream and ODIN By Jeremy Weinberger The iCAIR iGRID2002 Demonstration Shows How Global Applications Can Use Intelligent Signaling to Provision.

Advertisements

All rights reserved © 2006, Alcatel Grid Standardization & ETSI (May 2006) B. Berde, Alcatel R & I.

Encrypting Wireless Data with VPN Techniques

Internet Protocol Security (IP Sec)

Working with the Internet

High Performance Computing Course Notes Grid Computing.

Module 5: Configuring Access to Internal Resources.

Security Firewall Firewall design principle. Firewall Characteristics.

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College  What are the main layers? What happens at each?

Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

CPSC 463 Networks and Distributed Processing Willis F. Marti.

Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

ESnet On-demand Secure Circuits and Advance Reservation System (OSCARS) Chin Guok Network Engineering Group Thomas Ndousse Visit February Energy.

By Justin Thompson. What is SOAP? Originally stood for Simple Object Access Protocol Created by vendors from Microsoft, Lotus, IBM, and others Protocol.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Comparing modem and other technologies

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

1 Multi Protocol Label Switching Presented by: Petros Ioannou Dept. of Electrical and Computer Engineering, UCY.

Introduction to BGP.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Protocol Architectures. Simple Protocol Architecture Not an actual architecture, but a model for how they work Similar to “pseudocode,” used for teaching.

Common Devices Used In Computer Networks

Presented by Xiaoyu Qin Virtualized Access Control & Firewall Virtualization.

BitTorrent enabled Ad Hoc Group 1  Garvit Singh( )  Nitin Sharma( )  Aashna Goyal( )  Radhika Medury( )

Company LOGO Networking Components Hysen Tmava LTEC 4550.

IP Network Clearinghouse Solutions ENUM IP-Enabling The Global Telephone Directory Frank Estes Vice President , ext 224

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

DataTAG Research and Technological Development for a Transatlantic Grid Abstract Several major international Grid development projects are underway at.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

1 BRUSSELS - 14 July 2003 Full Security Support in a heterogeneous mobile GRID testbed for wireless extensions to the.

A policy-based per-flow mobility management system design

Introduction to Grids By: Fetahi Z. Wuhib [CSD2004-Team19]

SDN Management Layer DESIGN REQUIREMENTS AND FUTURE DIRECTION NO OF SLIDES : 26 1.

ENABLING TECHNOLOGIES FOR 4G NETWORKS BY ADEL AL-SHAHRANI June 3, 2003.

SOCKS By BITSnBYTES (Bhargavi, Maya, Priya, Rajini and Shruti)

Concerns with Network Research Funding S.Floyd & R. Atkinson, Editors Internet Architecture Board draft-iab-research-funding-02.txt.

Introducing a New Concept in Networking Fluid Networking S. Wood Nov Copyright 2006 Modern Systems Research.

Introduction to Active Directory

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

3/12/2013Computer Engg, IIT(BHU)1 CLOUD COMPUTING-1.

1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.

Characteristics of Scaleable Internetworks

Inter-domain Routing Outline Border Gateway Protocol.

Supporting Advanced Scientific Computing Research Basic Energy Sciences Biological and Environmental Research Fusion Energy Sciences High Energy Physics.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Presented By Hareesh Pattipati.  Introduction  Firewall Environments  Type of Firewalls  Future of Firewalls  Conclusion.

Computer Engineering and Networks, College of Engineering, Majmaah University Protocols OSI reference MODEL TCp /ip model Mohammed Saleem Bhat

1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.

OSI Model OSI MODEL. Communication Architecture Strategy for connecting host computers and other communicating equipment. Defines necessary elements for.

OSI Model OSI MODEL.

Inter domain signaling protocol

SuperComputing 2003 “The Great Academia / Industry Grid Debate” ?

Presented by Muhammad Abu Saqer

Computer Data Security & Privacy

Server Concepts Dr. Charles W. Kann.

Lecturer, Department of Computer Application

DEPARTMENT OF COMPUTER SCIENCE

Internet Quality of Service

CPE 401 / 601 Computer Network Systems

* Essential Network Security Book Slides.

Software Defined Networking (SDN)

Firewalls Routers, Switches, Hubs VPNs

OSI Model OSI MODEL.

Presentation transcript:

Network Middleware for Next- Generation Network Computing Martin Swany University of Delaware Visiting Professor, CERN

Phoebus Overview Broad project goal: Investigate next- generation network environments for high- performance distributed computing with novel middleware and protocols Tenet: Opaque, homogeneous view of the network is limiting and only becoming more so with the advent of nets like USN Long-term question: How can we augment current network models for the future?

Network Processor-Based Model Our inquiry focuses on using general-purpose Network Processors as a platform  A network processor is a special-purpose, programmable hardware device that combines the low cost and flexibility of a RISC processor with the speed and scalability of custom silicon  Growing in popularity, provide a lower bound on functionality The Intel IXP can sustain 10Gb/sec with a cycle budget of around ~80 operations per packet  We have more headroom for slower links and the technology continues to improve While this effort does not aim to provide a production-quality implementation, we are working with real hardware to stay grounded in reality

Session Layer Model One key enabler is the use of a Session Layer (above the Transport layer) End to end transport layer connections are not sufficient in many cases  Why do we continue to be constrained by this? By embracing network heterogeneity and performing explicit negotiation, we can optimize the end to end flow and functionality Our model assumes “session processors” in the network  May or may not be in the actual data path

Session Authentication Strong, explicit authentication of a “session” enables significant functionality The Grid uses X.509-style certificates A problem with many network protocols is the lack of authentication model  So we layer it on top with ACLs, holes poked in firewalls Simple session layer interaction can use certificates to establish an ACL  This works today Authentication can cascade with proxy certificates or the user can authenticate with each session processor

Authorization and Policy Another key component for next-generation network systems is the application of authorization and policy The creation of an explicit session provides a locus for the application of policy  This pervades the other aspects of the session processing Two simple examples  Policy-based signaling from a trusted location  Don’t have to worry about ACL rot  We have designed a link-state routing protocol for flows that addresses the case where administrative domains touch in multiple places

Signaling and Traffic Engineering Having authenticated the user at the edge, the session processor can initiate or modify signaling requests Three Examples:  Insertion (or validation) of ER options in RSVP-TE Path messages  Mapping between provider-specific DSCPs at line speed based on policy  Fusion and Fission of LSP-based traffic for inter-domain connectivity  Esnet and Internet2 for instance

Multiple Transports The part of the our session protocol that has been perhaps the most controversial  Or the “terrible idea that will never work” (but does) and which continues to be reinvented with increasing frequency Short-circuit TCP based on an established session  Possible on dedicated hardware Convert from TCP to a rate-based transport protocol in the network Analytical work on signaling granularity

Conclusions Continued exploration of a promising new paradigm Single paradigm and protocol that addresses many of the problems faced by advanced DOE networking in the future  This reinforces its promise in my opinion Currently supporting Ph.D student Aaron Brown  2nd Student beginning in Spring