Presentation is loading. Please wait.

Presentation is loading. Please wait.

August 2000 1 Extensible Router Workshop – Princeton University Open Networking Better Networking Through Programmability Extensible Router Workshop Princeton.

Published byBrook Bradley Modified over 9 years ago

Similar presentations

Presentation on theme: "August 2000 1 Extensible Router Workshop – Princeton University Open Networking Better Networking Through Programmability Extensible Router Workshop Princeton."— Presentation transcript:

1 August 2000 1 Extensible Router Workshop – Princeton University Open Networking Better Networking Through Programmability Extensible Router Workshop Princeton University Tal Lavian Nortel Networks Labs tlavian@ieee.org More info: http://www.openetlab.org

2 August 2000 2 Extensible Router Workshop – Princeton University We are part of research organization This talk describes exploratory research No commitment by Nortel to turn technology into product. No commitment by Nortel to do anything with ideas described in this talk. Usual Disclaimer

3 August 2000 3 Extensible Router Workshop – Princeton University Programmable Network Devices Openly Programmable Devices Enable New Types of Intelligence on the Network

4 August 2000 4 Extensible Router Workshop – Princeton University IBM CDC Digital Amdel Applications OSs Peripherals Hardware 1980s - Vertical Industry 2000s - Horizontal Industry Industry movement from vertical toward horizontal markets

5 August 2000 5 Extensible Router Workshop – Princeton University Incomplete transformation; the inflection point is quickly approaching … Cisco Nortel Juniper 3Com Network & Mgmt services Embedded OS System ASICs “00 Vertical Network Industry Horizontal Network Industry Inflection Points Ahead of Us

6 August 2000 6 Extensible Router Workshop – Princeton University Location, location, location Service-enablement will prove most effective where “impedance mismatches” occur in the network — Optical vs. Wireline —Wireline vs. wire-less — Secure vs. non-secure — Customer-premises vs. Content-provider-land — SLA (x) vs. SLA (y) —Resource-constrained vs. unwashed unlimited computing A service-enabled box can wear multiple hats

7 August 2000 7 Extensible Router Workshop – Princeton University Emancipation of a Router It all started from old-world, vertically-integrated code. ASICs/Processors Proprietary Apps Proprietary NOS

8 August 2000 8 Extensible Router Workshop – Princeton University 1 st Degree of Emancipation Introverted APIs Emerge. Modular code is native, local, and trusted. port required. ASICs/Processors Forwarding Engine S y s t e m S e r v i c e s F r a m e w o r k Routing Protocol 1 N Routing Table Manager Forwarding Engine Interface System Manager Management Interface Agents 1 N M M M N O 1 O N C C FC 1 N FM

9 August 2000 9 Extensible Router Workshop – Princeton University 2nd Degree of Emancipation Extroverted APIs expose object capabilities to ISV code. Introverted APIs APIs ASICs/Processors Forwarding Engine Extroverted APIs ISV’s Software

10 August 2000 10 Extensible Router Workshop – Princeton University 3th Degree of Emancipation Extroverted APIs extend a commodity Java runtime. Extroverted APIs Introverted APIs APIs ASICs/Processors Forwarding Engine JVM JAPIs ISV’s Software

11 August 2000 11 Extensible Router Workshop – Princeton University 4th Degree of Emancipation ISV code is local/non-local, non-native, non-trusted, loaded on demand, and can teleport itself. Extroverted APIs Introverted APIs APIs ASICs/Processors Forwarding Engine JVM JAPIs ISV’s Software

12 August 2000 12 Extensible Router Workshop – Princeton University Java-enabled Device Architecture Operation System JVM Oplet Oplet Runtime Env Download Hardware Routing Code Native APIs Oplet

13 August 2000 13 Extensible Router Workshop – Princeton University Network Device Dynamic loading Example: Downloading Intelligence Example: Downloading Intelligence HW OS JVM React Monitor Authentication Security Intelligence application

14 August 2000 14 Extensible Router Workshop – Princeton University Separation of Control and Forwarding Planes Centralized, CPU-based Router Forwarding-Processors Based Router Based Router Control + Forwarding Functions combined Control separated from forwarding CPU Routing SW CPU Control Plane Forwarding Processor Forwarding Processor Forwarding Processor SlowWire Speed

15 August 2000 15 Extensible Router Workshop – Princeton University Switching Fabric CPU System Forwarding Plane (Wire Speed Forwarding) Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors... Programmable Networking Control Plane ORE Network Services Traffic Packets Filtered packetsNew rules JFWD

16 August 2000 16 Extensible Router Workshop – Princeton University But Java is Slooowwwww Not appropriate in the fast-path data forwarding plane —forwarding is done by ASICs —packet processing not affected Java applications run on the CPU —Packets designated for Java application are pushed into the control plane

17 August 2000 17 Extensible Router Workshop – Princeton University Simple Example: Fine grain monitoring Imagine a SNMP-based network with: —100 nodes —each node with 100 ports —each port with 100 conditions —all being checked 100 times a second That’s 10 billion SNMP variable accesses every second. And that’s a significant load on the NMS and the network as a whole. It’s not going to work.

18 August 2000 18 Extensible Router Workshop – Princeton University Switching Fabric CPU Wire Speed Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors Control Plane... Silicon-based Forwarding Engines

19 August 2000 19 Extensible Router Workshop – Princeton University Real-time Forwarding Stats and Monitors CPU SW HW Apps Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors Forwarding Processor Forwarding Rules Statistics &Monitors

20 August 2000 20 Extensible Router Workshop – Princeton University CPU JVM ORE Architecture …MEM JNI/Native Code OREJFWD Filtered packets New forwarding rules Forwarding Engine Monitor status Oplets OpletService, Shell, Logger Jcapture, HTTP, IpPacket Standard Services Firewall, DiffServ User-defined services Function Services

21 August 2000 21 Extensible Router Workshop – Princeton University ORE - Oplet Run-time Environment Service A JVM ORE Service B Oplet 1 Service C Oplet 2 Why ORE?

22 August 2000 22 Extensible Router Workshop – Princeton University Basic ORE Concepts Oplet Runtime Environment (ORE) —A kernel that manages the life cycle of oplets and services —Provides a registry of services Services —The value being added. Minimal constraint, could be anything —Represented as a Java interface Oplets —The unit of deployment: a JAR file —Contains meta-data (e.g. signatures, dependency declarations) —Contains services and other resources (data files, images, properties, JAR files)

23 August 2000 23 Extensible Router Workshop – Princeton University Oplet Lifecycle Install —Loaded from URL Start —Services that are depended on must already be started Stop —Any oplets that depend on this oplet’s services will be stopped —Code and data can be unloaded from ORE Update —Updates the oplet with a new oplet Uninstall

24 August 2000 24 Extensible Router Workshop – Princeton University Dynamic Classification Objectives Implement flow performance enhancement mechanisms without introducing software into data forwarding path —Service defined packet processing in a silicon-based forwarding engine —Dynamic packet classifier Rob Jaeger, Jeff Hollingsworth, Bobby Bhattacharjee - University of Maryland

25 August 2000 25 Extensible Router Workshop – Princeton University Dynamic - On the Fly Configuration Forwarding Processor Forwarding Processor Packet PolicyFilters Dynamic Apps Packet Filte r

26 August 2000 26 Extensible Router Workshop – Princeton University Experimental Setup 100 Mbps Source 2 tcp_send() 100 Mbps Destination 1. tcp_recv() 2. tcp_recv() Source 1 tcp_send() Acclear 1100B Routing Switch 100 Mbps

27 August 2000 27 Extensible Router Workshop – Princeton University

28 August 2000 28 Extensible Router Workshop – Princeton University Dynamic Classification Identify real-time flows (e.g. packet signature/flowId ) 1Use CarbonCopy filters to deliver multimedia control protocols to control plane –e.g. SIP, H.323. RTCP –Determine dynamically assigned ports from control msgs 2Use CarbonCopy filters to sample a number of packets from the physical port and identify RTP packets/signature Set a packet processing filter for packet signature to: —adjust DS-byte OR —adjust priority queue

29 August 2000 29 Extensible Router Workshop – Princeton University 5-tuple Filtering List Source Address Source Port Destination Address Destination Port Protocol

30 August 2000 30 Extensible Router Workshop – Princeton University JFWD 5-tuple Filtering Copy the packet to the control plane Don't forward the packet Set TOS field Set VLAN priority Adjust priority queue

31 August 2000 31 Extensible Router Workshop – Princeton University Dynamic Classification Without introducing software into data path we performed Dynamic Classification of flows in a Silicon-Based Gigabit Routing Switch —Introduced a new service to a Gigabit Routing Switch —Identified real-time flows —Performed policy-based flow behavior classification —Adjusted DS-byte value —Showed that flow performance can be improved

32 August 2000 32 Extensible Router Workshop – Princeton University Nortel’s Openet.lab It’s an incubator for service-enabled network nodes and sample services It provides: —JVM-emancipated prototypes of Nortel routers —Java APIs to MIBs —Java APIs to Forwarding Planes, packet capturing —A runtime environment for downloaded code Free downloads from http://www.openetlab.orghttp://www.openetlab.org

33 August 2000 33 Extensible Router Workshop – Princeton University Closing remark Back then, thrust wasn’t a problem; control was. Likewise, network bandwidth isn’t the problem, control is. It demands our collective efforts Wright brothers 1904

34 August 2000 34 Extensible Router Workshop – Princeton University Q&A

35 August 2000 35 Extensible Router Workshop – Princeton University Appendix

36 August 2000 36 Extensible Router Workshop – Princeton University Multiple points of view NMS AB It is possible for node A to lose network “visibility” to node B, even though the NMS has visibility to both The NMS is the traditional PoV for observing the network Being able to move the management PoV out of the NMS and into the managed nodes would help

37 August 2000 37 Extensible Router Workshop – Princeton University Mobile diagnostics Similar to multiple points of view Blocking DoS at ingress into the network is best Inject mobile agent into the network at the node where the DoS is first detected The agent moves from node to node towards the DoS traffic source A bit like an immune system

38 August 2000 38 Extensible Router Workshop – Princeton University Active Intrusion Detection Intruder is identified by Intrusion Detection software Intruder signature is identified Mobile agent is dispatched in direction of intruder (based on physical port of entry) Mobile agent “chases” and terminates intruder (shuts down link, reboot host, notify NMS)

39 August 2000 39 Extensible Router Workshop – Princeton University Diagnostic Mobile Agents Automatic trace-route from edge router where problem exists —Each node reached generates a report to NMS —Trace-route code “moves” to next node in path —Mobile agents identify router health —Create logs for NMS

40 August 2000 40 Extensible Router Workshop – Princeton University Apps - Routing Relationship Download Oplet Service to the router. Monitor router locally Report “events” to App server Allow Service to take action Download application Adjust parameters based on direction from app server Monitor Appropriate Application Download Complex Condition Exceeded App Server router Extensive access to internal resources

41 August 2000 41 Extensible Router Workshop – Princeton University Collaboration with Applications New paradigm of distributed applications Network devices collaborating with applications Application aware routing JVM Servers RMI, XML, CORBA Apps Routers Switches JVM Apps Apps Server Oplet

42 August 2000 42 Extensible Router Workshop – Princeton University Router Server Collaboration Supports distributed computing applications in which network devices participate —router to router —server to router Supports Intelligent Agents Supports Mobile Agents Java-based Application Java-based Application Java-based Application

43 August 2000 43 Extensible Router Workshop – Princeton University MIB API Example API uses a MIB Map to dispatch requests to variable access routines Different parts of the MIB tree can be serviced by different mechanisms Two main schemes: An ad hoc interface to the SNMP instrumentation layer A generic SNMP loopback

44 August 2000 44 Extensible Router Workshop – Princeton University Strong Security in the New Model The new concept is secure to add 3rd party code to network devices —Digital Signature —Administrative “Certified Optlet” —No access out of the JVM space —No pointers that can do harm —Access only to the published API —Verifier - only correct code can be loaded —Class loader access list —JVM has run time bounds, type, and execution checking

Download ppt "August 2000 1 Extensible Router Workshop – Princeton University Open Networking Better Networking Through Programmability Extensible Router Workshop Princeton."

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
Contents Shortcomings of QoS in the Current Internet About OpenFlow

Contents Shortcomings of QoS in the Current Internet About OpenFlow
Traffic Shaping Why traffic shaping? Isochronous shaping

Traffic Shaping Why traffic shaping? Isochronous shaping
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Enabling Active Networks Services on A Gigabit Routing Switch Tal Lavian and the Openetlab Team.

Enabling Active Networks Services on A Gigabit Routing Switch Tal Lavian and the Openetlab Team.
Open Innovation via Java-enabled Network Devices Tal Lavian

Open Innovation via Java-enabled Network Devices Tal Lavian
1 K. Salah Module 4.0: Network Components Repeater Hub NIC Bridges Switches Routers VLANs.

1 K. Salah Module 4.0: Network Components Repeater Hub NIC Bridges Switches Routers VLANs.
Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.

Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.
KYUNG HWA KIM HENNING SCHULZRINNE Internet Real-Time Lab Columbia University June 2011 Distributed Network Fault Diagnosis System DYSWIS (Do You See What.

KYUNG HWA KIM HENNING SCHULZRINNE Internet Real-Time Lab Columbia University June 2011 Distributed Network Fault Diagnosis System DYSWIS (Do You See What.
Unified Device Management via Java-enabled Network Devices Tal Lavian Rob Duncan Bay Architecture Lab, Santa.

Unified Device Management via Java-enabled Network Devices Tal Lavian Rob Duncan Bay Architecture Lab, Santa.
1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.
Understanding and Managing WebSphere V5

Understanding and Managing WebSphere V5
HiVision SNMP Software.

HiVision SNMP Software.
QualNet 2014/05/13 602430017 尉遲仲涵. Outline Directory Structure QualNet Basic Message & Event QualNet simulation architecture Protocol Model Programming.

QualNet 2014/05/ 尉遲仲涵. Outline Directory Structure QualNet Basic Message & Event QualNet simulation architecture Protocol Model Programming.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis

A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis
1 Service-enabled Networks Service-enabled Networks From The Network to My Network.

1 Service-enabled Networks Service-enabled Networks From The Network to My Network.
Common Devices Used In Computer Networks

Common Devices Used In Computer Networks

Similar presentations

Ads by Google