integrating active networking and commercial grade
play

Integrating Active Networking and Commercial-Grade Routing - PowerPoint PPT Presentation

Mar 17, 2024 •211 likes •566 views

Integrating Active Networking and Commercial-Grade Routing Platforms The University of Maryland Rob Jaeger (rfj@cs.umd.edu) J.K. Hollingsworth Bobby Bhattacharjee 1 The Network Paradigm Spectrum The Network Paradigm Spectrum Active

  1. Integrating Active Networking and Commercial-Grade Routing Platforms The University of Maryland Rob Jaeger (rfj@cs.umd.edu) J.K. Hollingsworth Bobby Bhattacharjee 1

  2. The Network Paradigm Spectrum The Network Paradigm Spectrum Active Networks Traditional Networks ? - on-the-fly service - end-to-end connectivity introduction - well defined protocols - per-flow granularity - increasingly perform possible forwarding in hardware - inject software in data path 2

  3. Objectives • Implement flow performance enhancement mechanisms without introducing software into data forwarding path — Service defined packet processing in a silicon-based forwarding engine — Policy-based Dynamic packet classifier • Create OPEN platform for introduction of new services — Specify OPEN interfaces for Java applications to control a generic, platform-neutral forwarding plane — Enable downloading of services to network node — Allow object sharing and inter-service communication 3

  4. Accomplishments — JVM on a Silicon-Based Routing Switch — ORE - Oplet Run-time Environment – Java-enabled platform for secure downloading and safe execution of services – Ensures required services are installed for a downloaded Oplet — Java SNMP API (proxy mode for non Java devices) — Implementation of Network Forwarding API (JFWD) — RESULT: Dynamic Classification in Silicon-Based forwarding engine on a Gigabit Routing Switch 4

  5. Oplet Runtime Environment Overview • A platform to dynamically deploy services on network elements • Desirable properties — Portable to many different devices — Secure, reliable — Low impact on device performance — Open — Provide a framework to structure code – Reusable, maintainable, robust • Implemented in Java 5

  6. Basic Concepts • Oplet Runtime Environment (ORE) — A kernel that manages the life cycle of oplets and services — Provides a registry of services • Services — The value being added. Minimal constraints — Represented as a Java interface • Oplets — The unit of deployment: a JAR file — Contains meta-data (eg signatures, dependency declarations) — Contains services and other resources (data files, images, properties, JAR files) 6

  7. Architecture Oplet Oplet Service Oplet Service Service Oplet Service Service Oplet Runtime Environment Java Virtual Machine API Extensions 7

  8. Oplet Lifecycle • Install — Loaded from URL • Start — Services that are depended on must already be started • Stop — Any oplets that depend on this oplet’s services will be stopped — Code and data can be unloaded from ORE • Uninstall 8

  9. Dependencies • A service S can use facilities provided by another service T • This means that the oplet containing S has a dependency on service T • Before an oplet can be started, all of its dependent services must have been started • ORE manages dependencies and lifecycle of oplets and services 9

  10. Some services • Bootstrap (ORE start time) - basic configuration • Log - Centralized logging for oplets • HTTP server — Simple servlet support • Command line shell - — service depends on shell to register commands • Administration commands - — Manage oplets and services • Access to router resource including hardware instrumentation via JMIB 10

  11. Security Issues • Sandbox — Each oplet provides a Java name space and applet-like sandbox • Signed oplets — Oplets can be signed for assigning trust • Denial of service — Vulnerable to DoS (memory, cycle, bandwidth, peristent storage, monitors) like all Java applications — resource management is a problem 11

  12. ORE Status • Done now — Runs on several Nortel routing products — Run on workstations — First release of ORE SDK complete — JMIB monitor/control system through MIBs — JFWD 12

  13. Future ORE work • Capabilities — Revocable services • Security — Java 2 style permissions to perform operations • Resource limits, DoS protection — Probably requires support from JVM • Jini, Oplet Directory - locate and load services • Agents/Services • Open source 13

  14. Open Device Architecture Open Device Architecture ORE Service C/C++ Java API API JNI Download Oplet Device ORE Code I P A Device JVM D Drivers W F Operating System J Device HW 14

  15. Silicon-based Forwarding Engines Silicon-based Forwarding Engines Control Plane CPU Switching Fabric Wire Speed Forwarding Forwarding Forwarding Forwarding Rules Rules Rules . . . Forwarding Forwarding Forwarding Processor Processor Processor Statistics Statistics Statistics &Monitors &Monitors &Monitors 15

  16. Dynamic Configuration of Forwarding Rules Dynamic Configuration of Forwarding Rules Dynamic Policy CPU Forwarding Rules Forwarding Forwarding Forwarding Forwarding Processor Processor Processor Processor SW HW 16

  17. CarbonCopy Capability CarbonCopy Capability CPU Forwarding Forwarding Forwarding Forwarding Processor Processor Processor Processor 17

  18. Dynamic Packet Configuration Dynamic Packet Configuration Policy DSC Service Filters Filter Packet Packet Forwarding Forwarding Processor Processor Packet 18

  19. Dynamic Classification • Identify real-time flows (e.g. packet signature/flowId ) 1 Use CarbonCopy filters to deliver multimedia control protocols to control plane – e.g. SIP, H.323. RTSP – Determine dynamically assigned ports from control msgs 2 Use CarbonCopy filters to sample a number of packets from the physical port and identify RTP packets/signature • Set a packet processing filter for packet signature to: — adjust DS-byte OR — adjust priority queue 19

  20. JFWD 5-tuple Filtering • copy the packet to the control plane • don't forward the packet • set TOS field • set VLAN priority • adjust priority queue 20

  21. ANTS on Gigabit Router ANTS on Gigabit Router Demo - 1 Demo - 1 21

  22. ANTS Demo Configuration • RoutingSwitch loads boot image from TFTP server Laptop 1 • RoutingSwitch dynamically loads Oplets from the Class Server ORE Services • Laptop 1 originates the ping • Router gets Ping code from Laptop 1. • Router “evaluates” ping Java-enabled Laptop 2 Routing Switch • Ping forwarded to Laptop2 • Laptop 2 requests code • Laptop 2 perform ping reply 1. Class Server 2. TFTP Server 22

  23. ANTS Demo Demo 1 AN Ping AN Ping AN Ping ORE Services Laptop 2 Laptop 1 Java-enabled Routing Switch 23

  24. ANTS Demo AN_Ping AN_Ping Application Application ANTS EE ANTS EE Service Ping Capsule ORE JVM JVM WIN-95 Routing Switch DLResponse DLBootstrap Capsule Capsule DLRequest Capsule 24

  25. ANTS Demo • Java application running on the router • ORE facilitate downloading services • Interoperable with ANTS Distribution • Minimum changes to make it conform to ORE service specification 25

  26. Dynamic Filtering & Configuring Dynamic Filtering & Configuring Demo - 2 Demo - 2 26

  27. Demo 2 Dynamic - On the Fly Configuration Dynamic - On the Fly Configuration Policy AN Apps Filters Filter Packet Packet Forwarding Forwarding Processor Processor Packet 27

  28. Dynamic - On the Fly Configuration Dynamic - On the Fly Configuration • From downloadable Java application, we can modify the behavior of the ASICs 28

  29. Active Networks Packets Interception Demo 3 - 29

  30. Active Networks Packet Capture Active Networks Packet Capture Demo 3 AN Apps JFWD to Divert or Copy CPU Wire Speed Forwarding Forwarding Forwarding Forwarding Processor Processor Processor Processor Packet 30

  31. Packet Divert Application Application • Active Network topology is unknown Execution Execution • ANEP packets NOT addressed to Environment Environment this node are delivered to the control plane for processing ANEP • ANEP daemon receives packets ANEP packet and delivers them to the appropriate EE based on TypeID Filter ASIC 31

  32. Active Networks Packet Capture Active Networks Packet Capture • Be able to get the packets from the forwarding plane to the control plane • Process Active Networks packets in the control plane 32

  33. Experimental Setup Source 1 Acclear tcp_send() 100 Mbps 1100B Destination Routing 1. tcp_recv() Switch 100 Mbps 2. tcp_recv() Source 2 tcp_send() 100 Mbps 33

  34. 100 Start Change End 2nd Flow Priority 2nd Flow 80 60 Mbps 40 20 Low Priority 0 High Priority 0 1 2 3 4 5 6 7 8 9 10 Seconds 34

  35. Summary • Developed the ORE for downloading and safely running services onto network devices • Without introducing software into data path we performed Dynamic Classification of flows in a Silicon-Based Gigabit Routing Switch — Introduced a new service to a Gigabit Routing Switch — Identified real-time flows — Performed policy-based flow behavior classification — Adjusted DS-byte value — Showed that flow performance can be improved For more info email: rfj@cs.umd.edu 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

QUG 2012 - New and Updated Products QSS Commercial Grade Dedication Responded to Industry

QUG 2012 - New and Updated Products QSS Commercial Grade Dedication Responded to Industry

QUG 2012 - New and Updated Products QSS Commercial Grade Dedication Responded to Industry Request CD Process Implemented January 2012 All sizes converted March 2012 Offering only CD SR or Commercial POs QSS Commercial Grade

235 views • 19 slides
TIMFIE sampler - A new time-integrating, active, low -tech sampling device for quantitative

TIMFIE sampler - A new time-integrating, active, low -tech sampling device for quantitative

TIMFIE sampler - A new time-integrating, active, low -tech sampling device for quantitative monitoring of pesticides in w hole w ater Time-Integrating, Micro Flow, In-line Extraction Ove Jonsson Swedish University of Agricultural Sciences

236 views • 21 slides
Active Networking ECE/CS598HPN Instructor: Radhika Mittal Active Network Definition Network

Active Networking ECE/CS598HPN Instructor: Radhika Mittal Active Network Definition Network

Active Networking ECE/CS598HPN Instructor: Radhika Mittal Active Network Definition Network nodes (routers) can perform computation on, and modify, packet contents. This processing can be customized on a per-user per-customer basis.

214 views • 20 slides
Transit-oriented development (TOD) integrating rail and commercial development schemes 3rd

Transit-oriented development (TOD) integrating rail and commercial development schemes 3rd

Atkins Lectures Transit-oriented development (TOD) integrating rail and commercial development schemes 3rd Annual Modern Railways Conference, Singapore Jason Hutchings, technical director, Architecture 29-31 May 2013 Developing an

221 views • 21 slides
A little bit about us The Commercial Dive industry has been active in Tasmania for over three

A little bit about us The Commercial Dive industry has been active in Tasmania for over three

A little bit about us The Commercial Dive industry has been active in Tasmania for over three decades, holding access rights to a number of species including Centrostephanus . Recent years have seen rapid industry expansion, assisted by

562 views • 13 slides
integrating SSEG in commercial and municipal distribution networks by Christopher Gross, South

integrating SSEG in commercial and municipal distribution networks by Christopher Gross, South

Challenges and opportunities for integrating SSEG in commercial and municipal distribution networks by Christopher Gross, South African German Energy Programme (SAGEN), GIZ Background information on GIZ As a governmental organisation,

281 views • 25 slides
11/21/2016 Disclosure of Commercial Interests I have commercial interest in Functional Pathways:

11/21/2016 Disclosure of Commercial Interests I have commercial interest in Functional Pathways:

11/21/2016 Disclosure of Commercial Interests I have commercial interest in Functional Pathways: Cydney Bare, MBA, CNHA, FACHCA, CEAL, RAC-T Regional Vice President of Strategic Development Contract Therapy Provider Integrating Your

723 views • 11 slides
Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick Mike Dorman cjellick@godaddy.com mdorman@godaddy.com Go Daddy OpenStack Cloud Platform Group Agenda OpenStack at Go Daddy Keystone

875 views • 28 slides
CapitaLand Commercial Trust Singapores First and Largest Commercial REIT The Acquisition of

CapitaLand Commercial Trust Singapores First and Largest Commercial REIT The Acquisition of

CapitaLand Commercial Trust Singapores First and Largest Commercial REIT The Acquisition of Gallileo, a Grade A Commercial Property in Frankfurt, Germany 17 May 2018 1 Important Notice This presentation has been prepared by CapitaLand

654 views • 33 slides
@ Jalan Tun Razak Award-Winning World Class Grade A Office Space BEST DEVELOPER Commercial /

@ Jalan Tun Razak Award-Winning World Class Grade A Office Space BEST DEVELOPER Commercial /

@ Jalan Tun Razak Award-Winning World Class Grade A Office Space BEST DEVELOPER Commercial / Office / Retail (Built) 1/21 Updated : 07/06/2018 2/21 Here comes your footer KUALA LUMPUR MALAYSIA An iconic & landmark 20-storey Grade

251 views • 21 slides
FLASHback: RELAP at Fifty (RELAP5-3D Commercial Grade Dedication at BWXT) R. P. Martin, Methods

FLASHback: RELAP at Fifty (RELAP5-3D Commercial Grade Dedication at BWXT) R. P. Martin, Methods

FLASHback: RELAP at Fifty (RELAP5-3D Commercial Grade Dedication at BWXT) R. P. Martin, Methods Lead BWX Technologies, Inc. MMMMM DD, YYY .1 Outline Commercial Grade Dedication process for RELAP5-3D V&V process for RELAP5-3D per

496 views • 36 slides
Roadmap for Section A.1 General Concepts - Windows Networking Domains & Active Directory The

Roadmap for Section A.1 General Concepts - Windows Networking Domains & Active Directory The

Unit OS A: Windows Networking A.1. Networking Components in Windows Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section A.1 General Concepts - Windows Networking Domains &

443 views • 28 slides
Herding networking cats: Integrating Linux routing with FusionCLI Stephen Hemminger

Herding networking cats: Integrating Linux routing with FusionCLI Stephen Hemminger

Herding networking cats: Integrating Linux routing with FusionCLI Stephen Hemminger shemminger@vyatta.com Vyatta versions http://vyatta.org http://vyatta.com Free download Subscription livecd Update 2x year Update 4x

645 views • 19 slides
Commercial Property Assessed Clean Energy Financing AGENDA 12:00 | Lunch and Networking

Commercial Property Assessed Clean Energy Financing AGENDA 12:00 | Lunch and Networking

FAIRFAX COUNTY LUNCH + LEARN Commercial Property Assessed Clean Energy Financing AGENDA 12:00 | Lunch and Networking (sponsored by John Marshall Bank, Tysons Corner Region) 12:10 | Welcoming Remarks from Supervisor Penny Gross 12:15 |

707 views • 41 slides
Secure Kubernetes Container Workloads with Production-Grade Networking Cynthia Thomas Irena

Secure Kubernetes Container Workloads with Production-Grade Networking Cynthia Thomas Irena

Secure Kubernetes Container Workloads with Production-Grade Networking Cynthia Thomas Irena Berezovsky Tim Hockin CIA IT operations have top secret apps for their agents, most of which require isolation Antoni is in Ops and wants to help CIA

458 views • 31 slides
MUSCLEGLOSS.COM MUSCLEGLOSS.COM MuscleGloss is a commercial grade 100% INTRODUCTION solids

MUSCLEGLOSS.COM MUSCLEGLOSS.COM MuscleGloss is a commercial grade 100% INTRODUCTION solids

MUSCLEGLOSS.COM MUSCLEGLOSS.COM MuscleGloss is a commercial grade 100% INTRODUCTION solids epoxy. This means that 100% of the liquid epoxy converts into a solid, with no product loss from evaporation during the during process. There are

496 views • 15 slides
You want to forward your incoming emails to your secretary. You give your private key to

You want to forward your incoming emails to your secretary. You give your private key to

You are now away for Africacrypt. You want to forward your incoming emails to your secretary. You give your private key to your secretary? You deploy your private key on your machine? 2 I want Bob to decrypt (and act) for me

686 views • 30 slides
Course Policies MWF 1:00 - 1:50pm, CLARK A201 Section 002 MWF 3:00 - 3:50pm, CLARK

Course Policies MWF 1:00 - 1:50pm, CLARK A201 Section 002 MWF 3:00 - 3:50pm, CLARK

8/25/13 Hello Hello World World Instructor Chris Wilcox Section 001 Course Policies MWF 1:00 - 1:50pm, CLARK A201 Section 002 MWF 3:00 - 3:50pm, CLARK A203 TOPICS Office Hours T 11:00-noon, COMSC 256

480 views • 7 slides
Advanced Mail Computer Center, CS, NCTU 1 Computer Center, CS, NCTU Introduction What is

Advanced Mail Computer Center, CS, NCTU 1 Computer Center, CS, NCTU Introduction What is

hyili Advanced Mail Computer Center, CS, NCTU 1 Computer Center, CS, NCTU Introduction What is Email SPAM? Also known as junk email Ex. Phishing mail, malware mail, and unsolicited email Problem of SPAM In 2016, Over

848 views • 47 slides
CS 598: Advanced Internet Lecture 2: Project Ideas Brighten Godfrey pbg@illinois.edu Fall 2009

CS 598: Advanced Internet Lecture 2: Project Ideas Brighten Godfrey pbg@illinois.edu Fall 2009

CS 598: Advanced Internet Lecture 2: Project Ideas Brighten Godfrey pbg@illinois.edu Fall 2009 1 Announcements Reminder: email me your name/email/ background Slight change in office hours this week: 10-11a.m. Fri (instead of

698 views • 47 slides
Ahmed Gaffar Email: ahmed_gaffar@yahoo.com Telematics Group Institute for Informatics

Ahmed Gaffar Email: ahmed_gaffar@yahoo.com Telematics Group Institute for Informatics

Modeling & analyzing Location Routing in Sensor Networks. & Design & Analysis of (HIT) for Sensor Networks Ahmed Gaffar Email: ahmed_gaffar@yahoo.com Telematics Group Institute for Informatics University of Gttingen, Germany

264 views • 22 slides
(First) NSF AiTF Workshop on Algorithms for Software-Defined Networking Michael Dinitz Vyas

(First) NSF AiTF Workshop on Algorithms for Software-Defined Networking Michael Dinitz Vyas

Welcome! (First) NSF AiTF Workshop on Algorithms for Software-Defined Networking Michael Dinitz Vyas Sekar JHU CMU 1 Context for this workshop Software-defined Networking taking off! E.g., Google Software-defined WAN E.g.,

501 views • 9 slides
Electronic Mail Prof. Indranil Sen Gupta Professor, Dept. of Computer Science & Engineering

Electronic Mail Prof. Indranil Sen Gupta Professor, Dept. of Computer Science & Engineering

Electronic Mail Prof. Indranil Sen Gupta Professor, Dept. of Computer Science & Engineering Indian Institute of Technology Kharagpur 1 Introduction Most heavily used application on the Internet. Simple Mail Transfer Protocol

555 views • 27 slides
15 Years of Broken Encrypted Emails and were still doing it wrong Alfredo Pironti

15 Years of Broken Encrypted Emails and were still doing it wrong Alfredo Pironti

15 Years of Broken Encrypted Emails and were still doing it wrong Alfredo Pironti IOActive alfredo.pironti@ioactive.com IMDEA - NEXTLEAP 3 Mar 2017 1 Agenda Intro to OpenPGP An efficient attack on signatures And

459 views • 25 slides

More recommend