Active Networks: Applications, Security, Safety and Architectures
Active Networks: Applications, Security, Safety and Architectures. Author: Konstantinos Psounis, Stanford University. Presenter: Sanjay Agrawal, Purdue University. Purdue University, Nov 15, 2000.
Department of Computer Science, Purdue University
Active Networks: Applications, Security, Safety and Architectures
Author: Konstantinos Psounis, Stanford University
Presenter: Sanjay Agrawal, Purdue University
Purdue University, Nov 15, 2000
Passive and Active Networks
• Passive: Consists of smart hosts at the edges of the network performing computations up to the application layer; the routers interconnecting them can only perform computations up to the network layer.
• Active: Allows intermediate routers to perform computations up to the application layer. Users can program the network by injecting programs into the routers.
Networks, Passive and Active:
• Passive Networks:
Processing limited to routing, congestion control and QoS schemes.
Problems:
1. Difficulty of integrating new technologies
2. No support for applications that require computation within the network.
3. Poor performance due to redundant operations.
Need for Active Networks:
• Need an ability to program the networks.
• Networks should be able to do computations on user data.
• Users can supply the programs to perform these computations.
Arguments for and against AN
• Against:
– Internet successful because of its simplicity.
• For:
– Need
– Will increase the pace of innovation.
– Mobile code technology enables it.
– End to end performance of applications will improve.
End to End Argument:
• A function or service should be placed in the network only if it can be implemented cost effectively.
• Idea of AN is compatible with this argument.
• Some services can best be supported using info available inside the net.
Online Auctions
• The price info from the server may not be up-to-date, causing the client to submit a low bid.
• So auction server will receive bids that are too low and must be rejected.
• In AN such low bids can be filtered out in the network, before reaching the server.
• At heavy load, server activates filters in nearby nodes, updating them with current price periodically.
• Frees server resources for processing competitive bids, reduces net utilization at the server.
Performance..
• Improvement brought about by delegating some of app’s functionality to internal network nodes.
• Normal traffic could in fact benefit from active processing, which will reduce bandwidth utilization in some regions of the network.
• Doing work within the network reduces the total amount of work done by the app.
Performance
• We need App performance rather than network performance, which are not correlated.
• AN may cause fewer pkts to be sent, with longer per hop latencies because of increased computation and storage.
• Still overall app performance will improve, because of reduced demand for bandwidth at end-points.
Applications
• Active Networks can be beneficial for a variety of applications:
– Network Management
– Congestion Control
– Multicasting
– Caching
Congestion Control
• Prime Candidate for Active Networking
• A special case of Network Management.
• It’s an intranetwork event, hence solutions to it should be far removed from the app.
• Congestion information takes time to propagate to the user.
AN and Congestion:
• Active Node can monitor the available bandwidth and control data flow rate accordingly.
• Probe packets can gather congestion information as they travel and Monitor packets can use the info to identify the onset of congestion and regulate the flow accordingly.
• Applications can produce congestion control data according to the situation if they are aware of it, like selective dropping.
Experimental Technologies:
• Network defines a finite set of functions which can be performed at a node on the active packets.
• Header information in each packet, called APCI, specifies the function.
• Packets are processed according to the APCI, and the header is recomputed if the function transforms the data.
• Tested using a Unit Level Dropping Function.
contd..
• Model is conservative, since no executable code travels in the packets. However, it is a step towards more radical changes.
• More complex models will have packets carrying code that makes on the fly routing and congestion control decisions based on information brought to the node by other packets.
• Upcoming congestion tracked and regulation done before congestion takes place.
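
The conservative fixed-function model above can be sketched as a node that dispatches on a header field and never runs packet-supplied code. This is an added example, not code from the presentation or the Georgia Tech work; the APCI byte layout, the function ids, the handling of unknown ids and the exact unit-level dropping rule are assumptions made for illustration.

```python
import struct
from collections import deque

# Constructed APCI layout for this example (the slides give no format):
# 1-byte function id, 2-byte unit id, 1-byte sequence number within the unit.
APCI = struct.Struct("!BHB")
FN_FORWARD, FN_UNIT_DROP = 0, 1

class ActiveNode:
    def __init__(self, queue_limit):
        self.queue = deque()
        self.queue_limit = queue_limit
        self.broken_units = set()   # units that have already lost a packet here
        # The finite function set: a packet names a function, it never carries one.
        self.functions = {FN_FORWARD: self._forward, FN_UNIT_DROP: self._unit_drop}

    def receive(self, packet):
        if len(packet) < APCI.size:
            return "malformed"
        fn_id, unit, _seq = APCI.unpack_from(packet)
        # Assumption: an id outside the table gets default forwarding only.
        return self.functions.get(fn_id, self._forward)(packet, unit)

    def _enqueue(self, packet):
        if len(self.queue) >= self.queue_limit:
            return False
        self.queue.append(packet)
        return True

    def _forward(self, packet, unit):
        return "queued" if self._enqueue(packet) else "dropped"

    def _unit_drop(self, packet, unit):
        if unit in self.broken_units:       # rest of a damaged unit is useless
            return "dropped"
        if self._enqueue(packet):
            return "queued"
        self.broken_units.add(unit)         # congestion: give up the whole unit
        return "dropped"

def make_packet(fn_id, unit, seq, payload=b"x"):
    return APCI.pack(fn_id, unit, seq) + payload

def demo():
    node = ActiveNode(queue_limit=2)
    arrivals = [(1, 1, 0), (1, 1, 1), (1, 2, 0)]    # third one meets a full queue
    out = [node.receive(make_packet(*a)) for a in arrivals]
    node.queue.popleft()                             # link drains one packet
    out.append(node.receive(make_packet(1, 2, 1)))   # room now, but unit 2 is broken
    out.append(node.receive(make_packet(9, 3, 0)))   # unknown id: plain forwarding
    return out
```

Because the function table is fixed at the node, the attack surface is the header parser and the table entries, not arbitrary code.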
Multicasting
• Current “passive” schemes provide only a partial solution to the problems of NACK implosion, retransmission load and packet duplication.
• Active Reliable Multicast deals with these problems efficiently by storing a soft state and performing customized computation based on packet types.
• Note that not all nodes need to be active for ARM to work. So an ActiveBONE similar to MBONE will work.
Active Reliable Multicast
• Local retransmission handled by caching the multicast packets which reduces both latency and traffic.
• Active router maintains a NACK record and a repair record to perform NACK suppression and scoped retransmission.
• Flexible and robust as active routers do not need knowledge of group topology.
• Results show ARM has lower recovery latency than passive schemes.
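
The soft state described above (packet cache, NACK record, repair record) can be modelled for a single router as follows. This is an added example giving a simplified reading of the slide, not the ARM implementation; the message tuples, link names and timer values are constructed.

```python
class ArmRouter:
    """Soft state kept by one active router (all timers are constructed values)."""
    def __init__(self, cache_ttl=5.0, record_ttl=1.0):
        self.cache = {}          # seq -> (payload, expiry)
        self.nack_record = {}    # seq -> (links waiting for a repair, expiry)
        self.repair_record = {}  # seq -> (links already sent a repair, expiry)
        self.cache_ttl, self.record_ttl = cache_ttl, record_ttl

    def _expire(self, now):
        # Soft state: entries vanish on their own, no teardown messages needed.
        for table in (self.cache, self.nack_record, self.repair_record):
            for seq in [s for s, (_, exp) in table.items() if exp <= now]:
                del table[seq]

    def _repair(self, seq, links, now):
        done, _ = self.repair_record.get(seq, (set(), 0))
        fresh = sorted(set(links) - done)
        self.repair_record[seq] = (done | set(fresh), now + self.record_ttl)
        return [("repair", link, seq) for link in fresh]

    def on_nack(self, seq, link, now):
        self._expire(now)
        if link in self.repair_record.get(seq, (set(), 0))[0]:
            return []                              # repair already in flight
        if seq in self.cache:
            return self._repair(seq, [link], now)  # local, scoped retransmission
        if seq in self.nack_record:
            self.nack_record[seq][0].add(link)     # NACK suppression
            return []
        self.nack_record[seq] = ({link}, now + self.record_ttl)
        return [("nack", "upstream", seq)]         # only the first NACK travels on

    def on_repair(self, seq, payload, now):
        self._expire(now)
        self.cache[seq] = (payload, now + self.cache_ttl)
        waiting, _ = self.nack_record.pop(seq, (set(), 0))
        return self._repair(seq, waiting, now)

def demo():
    r = ArmRouter()
    return [
        r.on_nack(7, "A", 0.0),         # first loss report goes upstream
        r.on_nack(7, "B", 0.1),         # second one is absorbed
        r.on_repair(7, b"data", 0.2),   # repair fans out to A and B only
        r.on_nack(7, "A", 0.3),         # duplicate NACK, repair already sent
        r.on_nack(7, "C", 0.4),         # late receiver served from the cache
        r.on_nack(7, "C", 10.0),        # all state expired: ask upstream again
    ]
```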
Active Network Architectures
• Some architectures carry executable code in the packets; the code is executed on the data of the packet that carries it.
• Others place code in the active nodes. Identifiers on the packets are used to decide which code is executed.
Active IP Option:
• Active Packets approach.
• Extension to IP Options mechanism.
• Option to carry program fragments in a variety of languages. And to query the languages supported.
• Backward compatibility ensured since unknown options are silently ignored.
• Implementation in TCL, to take advantage of TCL interpreter’s restricted execution environment.
ANTS
• Active Nodes approach.
• Network viewed as a distributed programming system. Packets travel as capsules carrying code.
• Some code is comprised of well-known routines that reside at every active node.
• Rest of the application specific code is transferred by mobile code distribution techniques.
ANTS
• Provides a flexible network service. Default forwarding. New protocols can also be introduced into the network.
– Simultaneous use of a variety of network protocols
– Construction and use of new protocols by mutual agreement among interested parties, rather than their centralized registration.
– Dynamic deployment of these protocols.
Security
• An active packet could not only consume many resources but also consume them at a faster rate.
• Denial of service attacks may occur if there is no resource management.
• SANE, a layered architecture proposed at the University of Pennsylvania, addresses these issues.
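
A minimal illustration of the resource management the bullets above call for: an active node that interprets capsule code under hard CPU, memory and output budgets and releases nothing from a capsule that overruns them. This is an added example, not SANE, PLAN or ANTS code; the toy instruction set, the limit values and the sample capsules are constructed.

```python
class BudgetExceeded(Exception):
    """Raised when a capsule exhausts one of its per-capsule limits."""

def run_capsule(program, max_steps=100, max_stack=16, max_sends=4):
    # Toy instruction set (constructed): push n, add, jmp target, send link.
    stack, sent, pc, steps = [], [], 0, 0
    while pc < len(program):
        steps += 1
        if steps > max_steps:                      # CPU budget
            raise BudgetExceeded("cpu")
        op, arg = program[pc]
        pc += 1
        if op == "push":
            if len(stack) >= max_stack:            # memory budget
                raise BudgetExceeded("memory")
            stack.append(arg)
        elif op == "add":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif op == "jmp":
            if not (isinstance(arg, int) and 0 <= arg < len(program)):
                raise ValueError("jump outside program")
            pc = arg
        elif op == "send":
            if len(sent) >= max_sends:             # output (bandwidth) budget
                raise BudgetExceeded("bandwidth")
            sent.append((arg, stack[-1] if stack else None))
        else:
            raise ValueError(f"unknown op {op!r}")
    return sent, steps

def node_process(program, **limits):
    # Output is buffered: nothing leaves the node unless the capsule finishes
    # inside every budget.
    try:
        sent, steps = run_capsule(program, **limits)
        return {"verdict": "ok", "sent": sent, "steps": steps}
    except BudgetExceeded as exc:
        return {"verdict": "killed", "resource": str(exc), "sent": []}
    except (ValueError, IndexError):
        return {"verdict": "rejected", "sent": []}

# Constructed sample capsules.
WELL_BEHAVED = [("push", 2), ("push", 3), ("add", None), ("send", "next-hop")]
SPIN = [("jmp", 0)]
HOARD = [("push", 1), ("jmp", 0)]
FLOOD = [("send", "next-hop")] * 10
```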
Architecture of ANTS
• The requirements for having a flexible network layer are met by having:
– Packets replaced by capsules, which dictate the processing to be performed on their behalf.
– Selected routers replaced by active nodes, which provide an API for capsule processing and execute those routines safely.
– A code distribution mechanism to enable active nodes to download code when needed.
SANE Architecture
• A computer system is organized as a series of layers, each of which defines a virtual machine.
• Higher levels trust the integrity of the lower layers.
• Uses AEGIS, a secure bootstrap architecture, to cold-start the system.
• Assumes a PKI infrastructure for node-to-node authentication.
• Uses a special programming language, PLAN, which is statically type checked and is pointer safe.
Current Work
• SANE at University of Pennsylvania.
• Georgia Tech: congestion control.
• Bowman, an OS for Active Nodes.
• ARM and active Router Architecture for Multicasting.
Conclusions
• Definitely an exciting step in network design.
• Can potentially solve many of the current problems in passive networks, with a wide application range.
• Will increase the pace of innovation, through rapid deployment and testing of new research.
• However, most of the current implementations haven’t been deployed on a large-scale net.
• Security requirements are enormous!