SLIDE 1

Growing of Internet a permanent challenge for designers and network engineering

Jiří Navrátil jiri@cesnet.cz

European Future Networking Initiatives Workshop 22.2.2007 Amsterdam

SLIDE 2

Introduction to EFNI workshop

  • Internet expansion and consequences
  • Next generation of Internet (directions and supporting projects, FIND, GENI)
  • New terminology: Slicing, Virtualization, PlanetLab, VINI, etc.
  • New networking phenomena, concepts, approaches (DHT, P2P, CAN, ROS)

SLIDE 3

BGP table analysis

Partial visibility of the Internet from one router (from the routing tables)

Source: http://www.caida.org/tools/measurement/skitter/

SLIDE 4

What are the problems of Internet ?

  • Speed and capacity? In network backbones? In aggregation networks? Last mile? Wireless (ad hoc networks, WiMAX)?
  • Access to the network? From individual machines (PC, Mac, Linux), supercomputers, PDAs, phones, edge points
  • Distribution of services in requested quality to end users: to universities and offices (thousands of sites in each country), to homes (millions of access points), to mobile users
  • Utilization of existing networks (measurement and monitoring): how do we know what users are doing and what they want, and what are the loads of individual segments of the Internet?
  • Security aspects?

Yes, definitely, all of these areas have their own difficulties and a clear road map for future developments. However, they don’t threaten the system as a whole.

SLIDE 5

The real problems of IP world are in the principles

  • IP addresses? Yes, before 1994 nearly collapsed. Problem postponed because of reusable private IP, NAT. This is the reason why IPv6 is not so hot.
  • Naming? Yes, DNS still dominates and it has more and more problems; other systems are starting to use their own naming strategies based on GUID.
  • Routing? Yes, since 1989 BGP (a protocol based purely on agreement of ISPs: routing policy). All other known protocols are unacceptable, technically problematic, and used just locally; many existing routes are not used; quality of routes is not under control.
  • BGP4? Yes, introducing AS was a step toward aggregation for routing purposes; it helps to postpone the problem with effectiveness of routing. AND the # of ISPs and # of ASes grow exponentially!

SLIDE 6

How Internet Grows

[Figure: The growth of Internet routing tables; number of routes (axis 10000 to 80000) by year, 1988 to 2000]

CIDR, PRIVATE IP, NAT bring slowdown of growing RT

Expectations 70000 routes 350 (in 2000 - 980 millions of users ???)

In history

SLIDE 7

Remark: individual lines are prefixes (paths) from different peers.

Growth in 94–06. Source: http://www.routeviews.org/dynamics

Flapping = routes on-off-on-off … http://sahara.cs.berkeley.edu/jan2004-retreat/slides/mcc_rootcause_sahara.ppt

How AS growing brings problems to BGP

This is the reason why your engineers need more and more powerful systems.

SLIDE 8

More about the weaknesses of the Internet

  • performance bottlenecks at peering points
    – Ignores many existing alternate paths
    – Prevents sophisticated algorithms
    – Route selection uses fixed, simple metrics
    – Routing isn’t sensitive to path quality (see next examples)

The Internet is ill suited to mission-critical applications

  • Paxson (95-97): 3.3% of all routes have serious problems
  • Labovitz (97-00): 10% of routes available <95% of time; 65% of routes available <99.9; 3 minutes minimum detection time for failure; average recovery ~ 15 minutes
  • Chandra (01): 5% of faults last more than 2 hours 45 minutes
  • Wang (06): 80 % of problems on the path are caused by routing

SLIDE 9

RON - Resilient overlay networks

  • Measure all links between nodes
  • Compute path properties
  • Determine best route
  • Forward traffic over that path

David Andersen, Hari Balakrishnan, Frans Kaashoek, and Robert Morris, MIT Laboratory for Computer Science, http://nms.lcs.mit.edu/ron/

Experimental testbed running for users. Main problems:

  • not suitable for disruptive operation,
  • low statistics of problematic cases (waiting for errors)
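
The four RON steps listed on this slide (measure, compute path properties, determine best route, forward), applied to a constructed probe table. This is an added example, not RON's own code: node names, measurements and the loss threshold are assumptions, and candidate routes are limited to the direct path plus paths through one intermediate overlay node.

```python
# Constructed probe results between overlay nodes: (latency_ms, loss_rate).
# None means the probe failed, i.e. the underlying Internet path is down.
PROBES = {
    ("A", "B"): (40.0, 0.00), ("B", "A"): (40.0, 0.00),
    ("A", "C"): None,         ("C", "A"): None,   # direct path outage
    ("B", "C"): (25.0, 0.01), ("C", "B"): (25.0, 0.01),
    ("A", "D"): (90.0, 0.20), ("D", "A"): (90.0, 0.20),
    ("D", "C"): (30.0, 0.00), ("C", "D"): (30.0, 0.00),
    ("B", "D"): (15.0, 0.00), ("D", "B"): (15.0, 0.00),
}

def path_properties(path, probes=PROBES):
    """Step 2: (total latency, delivery probability) of a path, or None if a hop is down."""
    latency, delivery = 0.0, 1.0
    for hop in zip(path, path[1:]):
        measured = probes.get(hop)
        if measured is None:
            return None
        latency += measured[0]
        delivery *= 1.0 - measured[1]
    return latency, delivery

def best_route(src, dst, probes=PROBES, max_loss=0.05):
    """Step 3: lowest-latency usable path among direct and one-intermediate routes."""
    nodes = {n for link in probes for n in link}
    candidates = [[src, dst]]
    candidates += [[src, via, dst] for via in sorted(nodes - {src, dst})]
    scored = []
    for path in candidates:
        props = path_properties(path, probes)
        # Unlike metric-blind routing, reject paths that are up but too lossy.
        if props is not None and (1.0 - props[1]) <= max_loss:
            scored.append((props[0], path))
    return min(scored)[1] if scored else None

if __name__ == "__main__":
    for src, dst in [("A", "B"), ("A", "C"), ("A", "D")]:
        # Step 4 would forward traffic along the printed hop list.
        print(src, "->", dst, "via", best_route(src, dst))
```
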
SLIDE 10

Example of routing changes (path SLAC – CALTECH)

[Figure: traceroute analysis; routes via Abilene and via CALREN/CENIC]

SLIDE 11

PROBLEM IS NOT ONLY TO HAVE NAME (registration) but how TO HANDLE resolution (conversion from/to IP) and UPDATE databases which are bigger and bigger

[Diagram: DNS hierarchy with TLD name servers (.cz, .com, .de, .nl), domains below them (.cvut., .fel., .fjfi., .fs.cvut.cz, .hp., .ibm.), browsers, and recursing requests]

Most requests are resolved on the lowest level, but not all data are available => recursing requests

Remember: each nice Web page can contain several resolutions!! (references to an icon/picture/doc located somewhere in the Internet), and to be seen each must be resolved!!

SLIDE 12

What is the rate of DNS updates and how big a volume of data does it represent?

  • 1-2 M updates/hour on root DNS
  • 20 top ASes make 50 % of updates (China, US, Spain)
  • 97% of updates are from WINDOWS machines

Wrong coordination between DHCP and DNS for private IP can create unwanted traffic and requests to global DNS. This leakage is inappropriate from the traffic and also from the security aspects.
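
One way to spot this leakage at a site border, as an added example that is not from the presentation or the CAIDA papers: it flags DNS messages for RFC 1918 reverse zones that were sent to a server outside the site. The log format, the addresses and the `INTERNAL_DNS` set are constructed assumptions.

```python
import ipaddress
from collections import Counter

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_DNS = {"192.168.1.53"}  # assumption: the site's own DNS server

# Constructed sample of DNS messages seen at the border:
# time, client, server, opcode, name
SAMPLE_LOG = """\
12:00:01 192.168.1.20 192.168.1.53 UPDATE 20.1.168.192.in-addr.arpa
12:00:02 192.168.1.21 198.51.100.7 UPDATE 21.1.168.192.in-addr.arpa
12:00:03 192.168.1.21 198.51.100.7 QUERY www.example.org
12:00:04 10.4.4.9 203.0.113.9 UPDATE 9.4.4.10.in-addr.arpa
12:00:05 192.168.1.22 198.51.100.7 UPDATE 5.113.0.203.in-addr.arpa
12:00:06 172.20.0.8 198.51.100.7 QUERY 168.192.in-addr.arpa
"""

def is_private_reverse_name(name):
    """True if name is an in-addr.arpa name that maps into RFC 1918 space."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return False
    octets = labels[:-2][::-1]   # reverse names list octets last-to-first
    if not 1 <= len(octets) <= 4:
        return False
    if not all(o.isascii() and o.isdigit() and int(o) < 256 for o in octets):
        return False
    # Pad partial zone names (e.g. 168.192.in-addr.arpa) to a full address.
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    addr = ipaddress.ip_address(".".join(padded))
    return any(addr in net for net in RFC1918)

def find_leaks(log_text, internal_dns=INTERNAL_DNS):
    """Records whose private reverse name went to a non-internal server."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue             # skip malformed lines
        time, client, server, opcode, name = fields
        if server not in internal_dns and is_private_reverse_name(name):
            leaks.append((time, client, server, opcode, name))
    return leaks

def leaks_per_client(leaks):
    """Count leaked messages per client to find misconfigured hosts."""
    return Counter(client for _, client, _, _, _ in leaks)

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG):
        print("LEAK", *leak)
```
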

REFERENCE: CAIDA papers

  • A. Broido, E. Nemeth, kc claffy, Spectroscopy of Private DNS Update Sources
  • A. Broido, H. Shang, M. Fomenkov, Y. Hyun, kc claffy, The Windows of Private DNS Updates

How will DNS react to machine-to-machine applications (crawlers, traffic reviewers, ..)? How robust, scalable, and sensitive to attacks and misconfigurations is it? All these systems were designed for traffic loads that reflect the rate and complexity of human activities.

SLIDE 13

NSF FIND “Future Internet Design”

in 2005 as a reaction to existing problems

  • Creating the Internet you want in 10, 15 years
  • The Internet which society TRUSTS
  • Support pervasive computing (from PDA to supercomputing)
  • Connecting devices and users with all types of communication channels, from wireless to optical light paths
  • Enable accepting further developments and innovations

SLIDE 14

from Darleen Fisher and Guru Parulkar NSF-CISE presentation

SLIDE 15

from Darleen Fisher and Guru Parulkar NSF-CISE presentation

SLIDE 16

from Darleen Fisher and Guru Parulkar NSF-CISE presentation

SLIDE 17

From: David Alderson CALTECH , NSF Find meeting, Dec. 2005

Situation is getting worse

SLIDE 18

Larry Peterson Princeton University: A Strategy for Continually Reinventing Internet (May 2005)

Why now?

  • many architectural proposals (look at the statistics: RFCs, papers, etc.)
  • research community is ready to make it real
  • enabling technology, infrastructure exists (NLR, PlanetLab, .. GN2, ..)

HOW?

Two paths for changes:

  • Incremental
  • Clean-slate (replace Internet with new architecture)

Many problems on the first path (many limits, hard to manage, vulnerability, hostile).

There are barriers to the second path:

  • Internet ossified, cannot be replaced
  • Inadequate validation of potential solutions

Testbed dilemma:

  • production testbed = incremental change
  • experimental testbed = no real users!

SLIDE 19

Focus of FIND

On Reinvented Internet Architecture and not on individual network technologies

  • Internet evolution influenced by clean-slate approach
  • Alternate architecture(s) coexist with the current Internet
  • Virtualization becomes the norm with plurality of architectures
  • New services and applications enabled

SLIDE 20

Defined Stages of Research for 2007 and Later

Architectures as they emerge will be made operational and tested

  • Simulation
  • Emulation
  • Run on a large-scale GENI facility

Experiments with new architectures at global scale

SLIDE 21

http://nile.wpi.edu/NS/

SLIDE 22

Peter A.Freeman NSFVICE Jan 2006

2007

Filling GAP (validate new arch. under realistic conditions; keep potential deployment in sight)

Work on existing experimental infrastructure:

  • Emulab front-end to PlanetLab
  • Experiments spanning some combination of… Emulab + ORBIT + WAIL + PlanetLab
  • ViNI: Virtualized Network Infrastructure
  • PlanetLab slices on layer 2 networks (NLR + Abilene)
  • Internet-in-a-Slice (Click + XORP)

2009 ? ?

SLIDE 23

  • PlanetLab node as INGRESS
  • NLR as high-speed backbone
  • Each architecture (service) runs in own slice

Larry Peterson Princeton University: A Strategy for Continually Reinventing Internet (May 2005)

SLIDE 24

In “A Strategy for Continually Reinventing Internet” (May 2005, Larry Peterson)

SLIDE 25

Source: From GENI backbone working group

Distribution of load and functionality in Hardware

SLIDE 26

Why virtual architectures ?

You can separate the tasks onto independent HW (computers), each responsible for part of the whole system.

Programs that must control many different entities in real time, with complex timing, and often repeated in the same form for different segments of huge systems, are rather complex.

Computers are more and more powerful, so they are ready to work in “pseudo parallel mode” and to accept some overhead. Application software is much simpler.

The reason is not only the distribution of the load but also the distribution of complexity.

The next step is to create more independent systems (virtual machines, VM) on one physical computer. Each VM can run one or more programs.

The complexity of writing and running an application is much lower than in the original design.

SLIDE 27

Generalized Packet Filters

  • GPFs are the key to flexibility in this approach
    – Extends concept of “filters” normally found on routers
    – A relatively small number of GPFs can be used as building blocks for a large number of applications
  • Ideally, the database of GPFs precludes the writing of new code!
    – Supports flexible classification, computation, and actions
    – GPFs are executed in numeric order:

[Diagram: L2 Switching Engine w/ARP; Packet filter 1, Packet filter 2, … Packet filter n, Default filter; L2 Switching Engine w/ARP]

Source : http://sahara.cs.berkeley.edu/jan2004-retreat/index.html

http://sahara.cs.berkeley.edu/jan2004-retreat/slides/tsai_routervm_1-9-04.ppt

SLIDE 28

Source : http://sahara.cs.berkeley.edu/jan2004-retreat/index.html

http://sahara.cs.berkeley.edu/jan2004-retreat/slides/tsai_routervm_1-9-04.ppt

SLIDE 29

Classify-Infer-Act

  • A server and router in “one”
    – Tight integration between packet processing and routing
    – High bandwidth (routers) and computation (servers)

[Diagram: three stages, Classify, Infer, Act, with example items in slide order: IP, TCP, HTTP, iSCSI, FCIP, MPLS, Ethernet, ATM, …?; Intrusion Detect, NAT, Store/Ret. State, TCP/IP lookup, Checksum, Count/Tag, …?; Error Detect, Drop, Route, Load Balance, Replace Fields, Resize Pkt, Encrypt, Forward, Compress, …?]

SLIDE 30

“Slicing” SHARED IP layer in horizontal level

[Diagram: sublayers 1 to 4 over a core network between Domain X and Domain Z; edge nodes at the borders; router nodes RN1 to RN5 in each sublayer; wavelengths λ1 to λ4; different application packets entering at the edges]

  • RN = router node
  • Group/class of applications: “Y” (voice), “P” (video), “G” (interactive gaming), “B” (data)
  • Different L2 allocation between RN, different routing for each L3 sub-layer
  • (BASED ON PNE ?)

Questions: Who can create application layer?

*jn*

SLIDE 31

JVM, ISOLATES etc. http://java.sun.com/developer/technicalArticles/Programming/mvm/

Sun's Multi-tasking Virtual Machine runs several Java applications, called isolates. The overlay is the single application that runs in the JVM, but it allows several pseudo-applications to run concurrently on top of it. A standard Java Virtual Machine is a multi-thread-enabled but mono-application environment.

Multi-user Java Environment.

SLIDE 32

Open Service Gateway: MULTISERVICE, MULTIUSER

[Diagram: Internet, last mile, gateway operator, service providers (VOD, HDTV, IPTV), Open Service Gateway]

The overlay is the single application that runs in the JVM, but it allows several pseudo-applications to run concurrently on top of it.

Multi-user Java Environment.

The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway). The core gateway runs services accessible to all users. However, contrary to Unix root users, the core gateway does not have access to service gateways' data, files, etc., since these would belong to different, potentially competing companies.

More details: http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf

Source: MUSE -NRIA

SLIDE 33

Xen 3.0 Architecture

[Diagram: Xen Virtual Machine Monitor (Control IF, Safe HW IF, Event Channel, Virtual CPU, Virtual MMU) running on hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE)]

  • VM0: Device Manager & Control s/w; GuestOS (XenLinux); Native Device Driver; Back-End
  • VM1: Unmodified User Software; GuestOS (XenLinux); Native Device Driver; Back-End
  • VM2: Unmodified User Software; GuestOS (XenLinux); Front-End Device Drivers
  • VM3: Unmodified User Software; Unmodified GuestOS (WinXP); Front-End Device Drivers

Labels: VT-x, x86_32, x86_64, IA64, AGP, ACPI, PCI, SMP

SLIDE 34

http://www.planet-lab.org

SLIDE 35

[Diagram: several VMMs, each hosting virtual servers]

VS – Virtual server: independent OS, Linux (BSD), running on a VM, with its own administration including root, and with its own file system and computation capability

Slice: set of VS on different VMs

SLIDE 36

Node/Slice in PlanetLab

[Diagram: nodes N1 to N10; one node shown running a slice with App1, App2, App3]

  • On each node can run more users (slices)
  • Each of them is running in own virtual system
  • One user can run more applications

  • SLICE A1 (N3,N1,N2,N3,N4,N5,N6,N7,N8,N9)
  • SLICE A2 (N1,N5,N6,N4,N8)
  • SLICE A3 (N1,N2,N7,N10)
  • SLICE A4 (N3,N6,N5,N4)

SLIDE 37

What is emulation?

the ability to mimic another machine on your computer. You can run the same programs that you would on whatever the other machine is.

http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf


SLIDE 38

Thank You for your attention