9/29/99 1 Openet Center - Java-enabled Network Devices Open Programmable Architecture for Java-enabled Network Devices Tal Lavian Technology Center

9/29/99 2 Openet Center - Java-enabled Network Devices Programmable Network Devices Openly Programmable devices enable new types of intelligence on the network

9/29/99 3 Openet Center - Java-enabled Network Devices Agenda Local Computation Architecture New types of applications ORE - Oplet Run-time Environment API’s Summary

9/29/99 4 Openet Center - Java-enabled Network Devices —JVMs Network devices –Accelar, Accelar, Bay Routers —ORE - Oplet Run-time Environment —Java-enabled Device Architecture —Java SNMP MIB API —Implementation of Network Forwarding API —Dynamic applications —SDK and Linux Simulator Accomplishments

9/29/99 5 Openet Center - Java-enabled Network Devices Agenda Local Computation Architecture Applications ORE - Oplet Run-time Environment API’s Summary

9/29/99 6 Openet Center - Java-enabled Network Devices Evolution vs. Revolution HW Net Static Net SW Net SW Intelligence Dynamic Time Performance / Enhancement Logarithmic Now 10M 100M 1G 10G Web Bandwidth x200 Last Mile 56kb ==>10Mb

9/29/99 7 Openet Center - Java-enabled Network Devices Changing the Rules of the Game Move Turing Machine onto device —Add local intelligence to network devices while (true) { doLocalProcessingOnDevic e() }

9/29/99 8 Openet Center - Java-enabled Network Devices The Web Changed Everything Browsers —Introducing JVM to browsers allowed dynamic loading of Java Applets to end stations Routers —Introducing JVM to routers allows dynamic loading of Java Oplets to routers This Capability WILL Change Everything

9/29/99 9 Openet Center - Java-enabled Network Devices Network Device Dynamic loading Example: Downloading Intelligence Example: Downloading Intelligence HW OS JVM React Monitor Authentication Security Intelligence application

9/29/99 10 Openet Center - Java-enabled Network Devices Security and Stability secure download of Java Applications safe execution environment —insulate core router applications from dynamically loaded applications

9/29/99 11 Openet Center - Java-enabled Network Devices Device-based Intelligence Static-vs-Dynamic Agents —Static –SNMP set/get mechanisms –Telnet, User Interfaces (cli, web, etc…) —Dynamic closed-loop interaction on nodes –capable of dealing with new and difficult situations – autonomous and rational properties. –dynamically system monitoring & modification –report status and trends

9/29/99 12 Openet Center - Java-enabled Network Devices Agenda Local Computation Architecture Applications ORE - Oplet Run-time Environment API’s Summary

9/29/99 13 Openet Center - Java-enabled Network Devices ORE - Oplet Run-time Environment Service A JVM ORE Service B Oplet 1 Service C Oplet 2 Why ORE?

9/29/99 14 Openet Center - Java-enabled Network Devices Java-enabled Device Architecture Device HW Operating System JVM Oplet C/C++ API Java API Device Code Oplet Runtime Env Device Drivers JNI JFWD API ORE Service Download

9/29/99 15 Openet Center - Java-enabled Network Devices Architecture Issues Green Threads -vs- Native Threads —Native threads: –provides non-interference between Java applications –difficult thread-to-thread communication and sharing of data between threads –creates a dependency on underlying RTOS –multiple JVM instances consume resources —Green Threads –single JVM must manage CPU & memory resources between concurrently running threads

9/29/99 16 Openet Center - Java-enabled Network Devices Evolution of Router Architecture Line card (forwardingbuffering) (forwardingbuffering) (forwardingbuffering) (forwardingbuffering) CPUBuffermemory Routing software w/ COTS OS Routing software w/ COTS OS NI as line card NI as line card NI as line card... RoutingCPUBuffermemory Routing software w/ router OS Routing software w/ router OS Centralized, CPU-based Model Distributed, line-card based Model Control + Forwarding Functions combined Control separated From forwarding Added scalability, Flexibility, extensibility

9/29/99 17 Openet Center - Java-enabled Network Devices Explicit Separation of Control Plane from Data Forwarding Forwarding Element Control Element Forwarding Element Forwarding Routing Shared Memory Packet Flow Packet Flow Forwarding Forwarding/ Flow/filter Table Download CPU Line Card Traditional device Line Card

9/29/99 18 Openet Center - Java-enabled Network Devices Separation of Control and Forwarding Planes Centralized, CPU-based Router Forwarding-Processors based Router based Router Control + Forwarding Functions combined Control separated From forwarding CPU Routing SW CPU Control Plane Forwarding Processor Forwarding Processor Forwarding Processor SlowWire Speed

9/29/99 19 Openet Center - Java-enabled Network Devices Open Networking Architecture Network Services Protocol Connect Transport Interface Real-time OS Network Si Network OS Network Services Objects Server Operating System Unified policy-based management Forwarding element Control element Application server Today Networking Box Level Hardware Proprietary NOS Proprietary Apps Custom Switch ASIC’s Vertical Proprietary Open IP Telephony VPN Policy Server Firewall Copyright - Intel

9/29/99 20 Openet Center - Java-enabled Network Devices Dynamic Configuration of Forwarding Rules CPU Forwarding Processor Forwarding Processor Forwarding Processor Forwarding Processor Forwarding Rules SW HW Forwarding Rules Forwarding Rules Forwarding Rules AN Apps

9/29/99 21 Openet Center - Java-enabled Network Devices Real-time forwarding Stats and Monitors CPU SW HW AN Apps Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors

9/29/99 22 Openet Center - Java-enabled Network Devices Dynamic - On the Fly Configuration Forwarding Processor Forwarding Processor Packet PolicyFilters Dynamic Apps Packet Filte r

9/29/99 23 Openet Center - Java-enabled Network Devices Packet Capture CPU Forwarding Processor Forwarding Processor Forwarding Processor Forwarding Processor Oplet JFWD to Divert or Copy Wire Speed Packet

9/29/99 24 Openet Center - Java-enabled Network Devices Agenda Our market is changing Local Computation Architecture Applications ORE - Oplet Run-time Environment API’s Summary

9/29/99 25 Openet Center - Java-enabled Network Devices Applications Network Management —Proactive Network Management —Diagnostic Agents Dynamic DiffServ Classifier Active Intrusion Detection Multicast Caching IP Accounting Application-Layer Router-Server Collaboration Pseudo Default Drop Capability

9/29/99 26 Openet Center - Java-enabled Network Devices Network Management Download Oplet Service to the device. Monitor MIB variables Might be complex conditions Trend analysis DiffServ, RMON-II, etc… MIBs Report “events” to NMS —drop rate, packets/second Allow Service to take action Download application Adjust parameters based on direction from NMS Monitor Appropriate Application Download Complex Condition Exceeded NMS No more polling router Extensive access to internal resources

9/29/99 27 Openet Center - Java-enabled Network Devices An Open Service API Example —SNMP API for Network Management –generated automatically –allows device-based applications to query MIB –device-based application -- query local MIB –report trends or significant events –initiate downloading of problem specific diagnostic code –take corrective action

9/29/99 28 Openet Center - Java-enabled Network Devices Proactive Network Management Device-based Intelligence is Dynamic —Static Management –SNMP set/get mechanisms –Telnet, User Interfaces (cli, web, etc…) —Dynamic Closed-loop Management at Network Node –capable of dealing with new and difficult situations – autonomous and rational properties. –dynamically system monitoring & modification –report status and trends —Monitor MIB to identify poor performance and notify NMS prior to failures —Downloaded service can instantiated new services

9/29/99 29 Openet Center - Java-enabled Network Devices Diagnostic Mobile Agents Automatic trace-route from edge router where problem exists. —Each node reached generates a report to NMS —Trace-route code “moves” to next node in path —Mobile agents identify router health —Create logs for NMS

9/29/99 30 Openet Center - Java-enabled Network Devices Dynamic DiffServ Classifier Set router filters to sample packets from edge device host ports Identify real-time traffic (RTP flows) Set filter on port to adjust DS-byte value based on policy Keep track of filters set Remove filters no longer in use

9/29/99 31 Openet Center - Java-enabled Network Devices Dynamic DiffServ Classification Forwarding Processor Forwarding Processor PolicyFilters ORE Service Packet Filte r Sample packets, set filters to modify DS-byte for Per-Hop-Behavior modification Packet Control Plane

9/29/99 32 Openet Center - Java-enabled Network Devices Active Intrusion Detection Intruder is identified by Intrusion Detection software Intruder signature is identified Mobile agent is dispatched in direction of intruder (based on physical port of entry) Mobile agent “chases” intruder and terminates him (shuts down link, reboot host, notify NMS)

9/29/99 33 Openet Center - Java-enabled Network Devices Server Collaboration Supports distributed computing applications in which network devices participate —router to router —server to router Supports Intelligent Agents Supports Mobile Agents Java-based Application Java-based Application Java-based Application

9/29/99 34 Openet Center - Java-enabled Network Devices Application Layer Collaboration Among Routers and Servers Server farm load balancing —server state monitored; rerouting based on congestion/load Auctioning Applications Bandwidth Broker

9/29/99 35 Openet Center - Java-enabled Network Devices Collaboration with Business Applications New paradigm of distributed applications Network devices collaborating with business applications Application aware routing JVM Oracle DB E-Commerce Business apps SAP, ERP, Optivity RMI, XML, CORBA Apps Accelar Passport Shasta BayRS BS450 JVM Apps Apps Server Oplet

9/29/99 36 Openet Center - Java-enabled Network Devices Dynamic - On the Fly Configuration From downloadable Java application, we can modify the behavior of the ASICs

9/29/99 37 Openet Center - Java-enabled Network Devices Agenda Our market is changing Local Computation Architecture New types of applications ORE - Oplet Run-time Environment API’s Summary

9/29/99 38 Openet Center - Java-enabled Network Devices Summary Programmable —Turing Machine on network devices —dynamic agents vs. static agents —dynamic loading Openness - successfully proven paradigm —Facilitates innovation —Domain experts - virtual development community —3rd parties - change the networking landscape Application aware routing

9/29/99 39 Openet Center - Java-enabled Network Devices This is only the first step Compare to this first flight and look where aviation is today 1903 the Wright brothers

9/29/99 40 Openet Center - Java-enabled Network Devices Appendix

9/29/99 41 Openet Center - Java-enabled Network Devices MIB API Example API uses a MIB Map to dispatch requests to variable access routines Different parts of the MIB tree can be serviced by different mechanisms Two main schemes: An ad hoc interface to the SNMP instrumentation layer A generic SNMP loopback

9/29/99 42 Openet Center - Java-enabled Network Devices An Open Service API Example —SNMP API for Network Management –generated automatically –allows device-based applications to query MIB –device-based application -- query local MIB –report trends or significant events –initiate downloading of problem specific diagnostic code –take corrective action

9/29/99 43 Openet Center - Java-enabled Network Devices But Java is slooowwwww Not appropriate in the fast-path data forwarding plane —forwarding is done by ASICs —packet processing not affected Java applications run on the CPU —Packets destined for Java application are pushed into the control plane

9/29/99 44 Openet Center - Java-enabled Network Devices Strong Security in the new model The new concept is secure to add 3rd party code to network devices —Digital Signature —Administrative “Certified Optlet” —No access out of the JVM space —No pointers that can do harm —Access only to the published API —Verifier - only correct code can be loaded —Class loader access list —JVM has run time bounds, type, and execution checking

9/29/99 45 Openet Center - Java-enabled Network Devices Old model Security (C/C++) Old model: Not safe to open to 3rd party —Dangerous, C/C++ Pointers –Can touch sensitive memory location —Risk: Memory allocations and Free –Allocation without freeing (leaks) –Free without allocation (core dump !!!! ) Limited security in SNMP

9/29/99 46 Openet Center - Java-enabled Network Devices The P1520 Reference Model Algorithms for value-added communication services created by network operators, users, and third parties Algorithms for routing and connection management, directory services etc. Value Added Services Level Virtual Network Device (software representation) Physical Elements (hardware, namespace) L interface Network Generic Services Level Virtual Network Devices Level End User Applications V interface U interface CCM interface PE Level

9/29/99 47 Openet Center - Java-enabled Network Devices CSIX Consortium Common switch interface for switch fabric independence — —Detailed interface specification between port/packet processor logic and interconnect fabric logic —Similar to common media interface such as Utopia, but for switch fabric interface —Targeted at scalable switches at higher end —Permits mix-and-match of silicon and software components

9/29/99 48 Openet Center - Java-enabled Network Devices Multi-Services Switching Forum (MSF) Open Multi-service Switching —Common transmission and switching infrastructure —Modular, layered architecture —Integration at a module level through open interfaces —Multi-vendor model with 3rd party software options Switch Adaption Switch Adaption IP Services Source: MSS ATM Services Voice Service