Open Programmable Architecture for Java-enabled Network Devices - PowerPoint PPT Presentation


SLIDE 1

9/29/99 1

Santa Clara University

Open Programmable Architecture for Java-enabled Network Devices

Tal Lavian, Technology Center, Nortel Networks, tlavian@NortelNetworks.com

SLIDE 2

Programmable Network Devices

Openly Programmable devices enable new types of intelligence on the network

SLIDE 3

Agenda

  • Local Computation
  • New types of applications
  • Architecture
  • API’s
  • Summary

SLIDE 4

Changing the Rules of the Game

  • Move Turing Machine onto device

— Add local intelligence to network devices

while (true) { doLocalProcessingOnDevice(); }

SLIDE 5

Technology Concept Reversed

[Diagram: a Web Server delivers an Applet to a Web Browser; “The JVM is in the Browser”, which downloads applications for local processing. The reversed concept: a non-bundled application is downloaded to the network device for local processing.]

SLIDE 6

The Web Changed Everything

  • Browsers

— Introducing JVM to browsers allowed dynamic loading of Java Applets to end stations

  • Routers

— Introducing JVM to routers allows dynamic loading of Java Oplets to routers

This Capability WILL Change Everything

SLIDE 7

Accomplishments

— JVM on a silicon-based Routing Switch
— ORE - Oplet Run-time Environment
— Java-enabled Device Architecture
— Java SNMP MIB API
— Implementation of Network Forwarding API
— All of this enables implementation of Dynamic Classification in Silicon-Based Forwarding

SLIDE 8

Paradigm Shift

  • Supports distributed computing applications in which network devices participate

— router to router
— server to router

  • Supports Intelligent Agents
  • Supports Mobile Agents

[Diagram: several Java-based Applications running on network devices.]

SLIDE 9

Network Device Dynamic loading

Example: Downloading Intelligence

[Diagram: device stack of HW, OS and JVM; the dynamically loaded Intelligence application with Monitor, React, Authentication and Security components.]

SLIDE 10

Security and Stability

  • secure download of Java Applications
  • safe execution environment

— insulate core router applications from dynamically loaded applications

SLIDE 11

Device-based Intelligence

  • Static-vs-Dynamic Agents

— Static
  – SNMP set/get mechanisms
  – Telnet, User Interfaces (cli, web, etc…)
— Dynamic closed-loop interaction on nodes
  – capable of dealing with new and difficult situations
  – autonomous and rational properties
  – dynamic system monitoring & modification
  – report status and trends

SLIDE 12

Agenda

  • Local Computation
  • New types of applications
  • Architecture
  • API’s
  • Summary

SLIDE 13

New Types of Applications

  • Mobile Agents
  • Local Intelligence for NMS
  • Collaboration among routers
  • Router & Server Collaboration
  • E-commerce

SLIDE 14

Mobile Agents

  • Intrusion Detection - Hacker Chaser
  • Trace-route for Layer 2
  • Mobile Connectivity Mapper

SLIDE 15

Local Intelligence for NMS: Diagnostic Agents

  • Download Intelligent Agent monitor from NMS to the device.
  • Wait for threshold.
  • Might be complex conditions
  • Trend analysis
  • Send “condition exceeded” event to NMS.
  • Automatic download appropriate application
  • Application takes action.

[Diagram: the NMS downloads the Monitor to the router; when the Complex Condition is Exceeded the router notifies the NMS, which downloads the Appropriate Application. Labels: “No more polling”, “Extensive access to internal resources”.]
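The closed loop on this slide, written out as an added example; this is not ORE or Nortel code. The counter source (standing in for a read through the device's local MIB API), the NMS event sink and the "downloaded" action are assumptions, and the counter readings are constructed. The agent combines a threshold with a least-squares trend over a sliding window, raises the event only when both hold, and runs whatever action the NMS sends back:

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.function.LongSupplier;

/*
 * Added illustration of a device-resident diagnostic agent; not ORE code.
 * LongSupplier stands in for the local MIB read, EventSink for the NMS.
 */
public final class DiagnosticAgent {

    /** The NMS side of the loop: receives the event and returns the
     *  problem-specific application it chose to download (null = none). */
    public interface EventSink {
        Runnable conditionExceeded(String detail);
    }

    private final LongSupplier counter;     // e.g. an interface error counter (assumed source)
    private final long threshold;           // simple threshold part of the condition
    private final int window;               // samples kept for trend analysis
    private final double minSlope;          // required growth per sample for the trend part
    private final Deque<Long> samples = new ArrayDeque<>();

    public DiagnosticAgent(LongSupplier counter, long threshold, int window, double minSlope) {
        this.counter = counter;
        this.threshold = threshold;
        this.window = window;
        this.minSlope = minSlope;
    }

    /**
     * One monitoring step.  The complex condition is "above threshold AND
     * rising over the window".  Returns true when the event was raised; the
     * action the NMS sent back (if any) runs locally on the device.
     */
    public boolean step(EventSink nms) {
        long value = counter.getAsLong();
        samples.addLast(value);
        if (samples.size() > window) {
            samples.removeFirst();
        }
        if (samples.size() < window) {
            return false;                   // not enough history for a trend yet
        }
        double slope = leastSquaresSlope(samples);
        if (value <= threshold || slope < minSlope) {
            return false;                   // condition not met: nothing leaves the device
        }
        Runnable action = nms.conditionExceeded(
            "value=" + value + " threshold=" + threshold + " slope/sample=" + slope);
        if (action != null) {
            action.run();                   // "application takes action"
        }
        samples.clear();                    // start a fresh window after reporting
        return true;
    }

    /** Least-squares slope of the samples against their index 0..n-1. */
    static double leastSquaresSlope(Deque<Long> ys) {
        int n = ys.size();
        if (n < 2) {
            return 0.0;
        }
        double sumX = 0, sumY = 0, sumXY = 0, sumXX = 0;
        int x = 0;
        for (long y : ys) {
            sumX += x; sumY += y; sumXY += (double) x * y; sumXX += (double) x * x;
            x++;
        }
        return (n * sumXY - sumX * sumY) / (n * sumXX - sumX * sumX);
    }

    public static void main(String[] args) {
        // Constructed counter readings: flat, then a climb past the threshold.
        long[] readings = {10, 11, 10, 12, 40, 70, 110, 160, 220};
        int[] idx = {0};
        LongSupplier counter = () -> readings[Math.min(idx[0]++, readings.length - 1)];

        // The "NMS": on an event it downloads a problem-specific action.
        EventSink nms = detail -> {
            System.out.println("event to NMS: " + detail);
            return () -> System.out.println("downloaded diagnostic app: taking corrective action");
        };

        DiagnosticAgent agent = new DiagnosticAgent(counter, 100, 4, 20.0);
        for (int i = 0; i < readings.length; i++) {
            if (agent.step(nms)) {
                System.out.println("condition exceeded at sample " + i);
            }
        }
    }
}
```

With the constructed readings the event fires once, at the seventh sample (value 110 with a slope of 32.4 per sample over the window 12, 40, 70, 110); the earlier readings never satisfy both parts of the condition, which is the point of evaluating the condition on the device instead of shipping every sample to the NMS.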

SLIDE 16

Application Layer Collaboration Among Routers and Servers

  • Application aware routing
  • Server farm load balancing

— server state monitored
— rerouting based on congestion/load

  • Auctioning Applications

SLIDE 17

Applications Aware Forwarding

Business logic based operation changes

  • Resize forwarding queues
  • Modify congestion control algorithm
  • Adjust Packet Scheduling
  • Change routing table

SLIDE 18

Agenda

  • Local Computation
  • New type of applications
  • Architecture
  • API’s
  • Summary

SLIDE 19

ORE - Oplet Run-time Environment

[Diagram: the JVM hosts the ORE; Oplet 1 and Oplet 2 run on the ORE and use Service A, Service B and Service C.]

Why ORE?

SLIDE 20

Node Architecture

[Diagram: layers Device HW, Operating System, JVM; Device Drivers and Device Code behind a C/C++ API; the Oplet Runtime Env and ORE Service behind a Java API, bridged by JNI and the JFWD API; Oplets are downloaded onto the ORE.]

SLIDE 21

Architecture Issues

  • Green Threads -vs- Native Threads

— Native threads:
  – provides non-interference between Java applications
  – difficult thread-to-thread communication and sharing of data between threads
  – creates a dependency on underlying RTOS
  – multiple JVM instances consume resources
— Green Threads
  – single JVM must manage CPU & memory resources between concurrently running threads

SLIDE 22

Evolution of Router Architecture

[Diagram: Centralized, CPU-based Model (CPU, Buffer memory, Routing software w/ COTS OS; Control + Forwarding Functions combined) evolving to a Distributed, line-card based Model (Line cards for forwarding and buffering, NI as line card, Routing CPU, Routing software w/ router OS; Control separated From forwarding).]

Added scalability, Flexibility, extensibility

SLIDE 23

Explicit Separation of Control Plane from Data Forwarding

[Diagram: a Traditional device with Routing and Forwarding on one CPU and Line Card, versus a Control Element (Routing, CPU, Shared Memory) that downloads the Forwarding/Flow/filter Table to several Forwarding Elements (Line Cards); Packet Flow passes only through the Forwarding Elements.]

SLIDE 24

Separation of Control and Forwarding Planes

[Diagram: Centralized, CPU-based Router (Routing SW on the CPU; Control + Forwarding Functions combined; Slow) versus Forwarding-Processors based Router (Control Plane on the CPU; Control separated From forwarding; several Forwarding Processors at Wire Speed).]

SLIDE 25

Open Networking Architecture

[Diagram: Today: Networking Box Level Hardware, Proprietary NOS, Proprietary Apps, Custom Switch ASIC’s (Vertical, Proprietary) versus Open: Forwarding element (Network Si, Real-time OS, Protocol Connect, Transport Interface), Control element (Network OS, Network Services), Application server (Server Operating System, Network Services Objects: IP Telephony, VPN, Policy Server, Firewall), all under Unified policy-based management.]

SLIDE 26

Dynamic Configuration of Forwarding Rules

[Diagram: AN Apps (SW) on the CPU push Forwarding Rules down to each Forwarding Processor (HW).]

SLIDE 27

Real-time forwarding Stats and Monitors

[Diagram: each Forwarding Processor (HW) holds Forwarding Rules and Statistics & Monitors that the AN Apps (SW) on the CPU read.]

SLIDE 28

Dynamic - On the Fly Configuration

[Diagram: AN Apps install Policy Filters into the Forwarding Processors; the Packet Filter acts on Packets as they pass.]

SLIDE 29

Active Networks Packet Capture

[Diagram: AN Apps on the CPU use JFWD to Divert or Copy selected Packets from the Forwarding Processors, which keep forwarding at Wire Speed.]

SLIDE 30

Scaling up Active Networks Routing Protocol to commercial networks

  • Overcome the need to predefine the next hop
  • No need to know AN topology ahead of time
  • Divert/CarbonCopy specific packets to control plane (e.g. packets on ANEP port)
  • Wire speed of all other packets
  • End to end forwarding
  • Future: Active Networks Routing Protocols

SLIDE 31

Mixed Topology of AN system

  • AN Node
  • Non AN Node

NO need to know the AN topology ahead of time

SLIDE 32

Virtual Topology of AN system

  • AN Node
  • Non AN Node

NO need to know the AN topology ahead of time

SLIDE 33

Java Environment

  • Green Threads -- Present RTOS with single unified task that includes:

— Java VM (JVM)
— Java Resource Manager (JRM)
  – thread scheduling
  – manages CPU utilization
  – JVM time-slice is managed by the JRM preemptive thread scheduler
  – internal memory manager (intercepts “new”)
  – garbage collection with priority based on available memory

SLIDE 34

Non-Interference w/ Single JVM

  • Multiple threads compete for resources

— memory
— CPU
— persistent storage

  • Denial-of-service attacks possible

— memory or CPU consumption attacks
— trusted/untrusted service interactions
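One way a single JVM can keep one oplet's CPU or memory consumption from starving the others, as an added example; this is not the ORE or JRM code the slides describe. The Oplet interface, the budget figures and the cooperative "checkpoint" contract are assumptions. Per-thread CPU time comes from the standard java.lang.management.ThreadMXBean; per-thread allocation uses the HotSpot-specific com.sun.management.ThreadMXBean when the JVM provides it:

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import java.util.concurrent.TimeUnit;

/*
 * Added illustration of per-oplet resource budgets in one JVM; not ORE/JRM code.
 * Oplets run cooperatively: long loops must call Budget.checkpoint().
 */
public final class OpletResourceManager {

    public interface Oplet {
        void run(Budget budget) throws InterruptedException;
    }

    /** Handed to the oplet; the manager interrupts the thread when the budget is gone. */
    public static final class Budget {
        public void checkpoint() throws InterruptedException {
            if (Thread.currentThread().isInterrupted()) {
                throw new InterruptedException("resource budget exhausted");
            }
        }
    }

    public enum Outcome { COMPLETED, CPU_BUDGET_EXCEEDED, MEMORY_BUDGET_EXCEEDED, FAILED }

    private final ThreadMXBean threads = ManagementFactory.getThreadMXBean();

    /**
     * Runs the oplet on its own thread and polls its CPU time (and, where
     * supported, its allocated bytes) every few milliseconds.  A thread over
     * budget is interrupted; a well-behaved oplet unwinds at its next checkpoint.
     */
    public Outcome run(String name, Oplet oplet, long cpuBudgetMillis, long memBudgetBytes)
            throws InterruptedException {
        Outcome[] result = {Outcome.COMPLETED};
        Thread worker = new Thread(() -> {
            try {
                oplet.run(new Budget());
            } catch (InterruptedException e) {
                // budget enforcement; the outcome was recorded by the watchdog
            } catch (RuntimeException e) {
                result[0] = Outcome.FAILED;
            }
        }, "oplet-" + name);
        worker.setDaemon(true);
        worker.start();

        long cpuBudgetNanos = TimeUnit.MILLISECONDS.toNanos(cpuBudgetMillis);
        boolean enforced = false;
        while (worker.isAlive()) {
            if (!enforced) {
                long cpu = threads.isThreadCpuTimeSupported() ? threads.getThreadCpuTime(worker.getId()) : 0;
                long mem = allocatedBytes(worker.getId());
                if (cpu > cpuBudgetNanos) {
                    result[0] = Outcome.CPU_BUDGET_EXCEEDED;
                    enforced = true;
                } else if (mem > memBudgetBytes) {
                    result[0] = Outcome.MEMORY_BUDGET_EXCEEDED;
                    enforced = true;
                }
                if (enforced) {
                    worker.interrupt();
                }
            }
            worker.join(5);
        }
        worker.join();                        // make the worker's writes to result visible
        return result[0];
    }

    private long allocatedBytes(long threadId) {
        if (threads instanceof com.sun.management.ThreadMXBean) {
            com.sun.management.ThreadMXBean hotspot = (com.sun.management.ThreadMXBean) threads;
            if (hotspot.isThreadAllocatedMemorySupported()) {
                return hotspot.getThreadAllocatedBytes(threadId);
            }
        }
        return 0;                             // no per-thread accounting on this JVM
    }

    public static void main(String[] args) throws InterruptedException {
        OpletResourceManager manager = new OpletResourceManager();

        // A CPU-consumption oplet: spins forever but honours checkpoints.
        Oplet spinner = budget -> {
            long x = 1;
            while (true) {
                x = x * 31 + 7;
                budget.checkpoint();
            }
        };
        System.out.println("spinner: " + manager.run("spinner", spinner, 200, 64L << 20));

        // A well-behaved oplet that finishes inside its budget.
        Oplet polite = budget -> {
            for (int i = 0; i < 1000; i++) budget.checkpoint();
        };
        System.out.println("polite:  " + manager.run("polite", polite, 200, 64L << 20));
    }
}
```

The spinner is reported as CPU_BUDGET_EXCEEDED after roughly 200 ms of CPU time and the polite oplet as COMPLETED. The limitation is the one the slides attribute to native threads: an oplet that never reaches a checkpoint (or swallows the interrupt) cannot be stopped from Java code alone, which is why the deck places a preemptive scheduler inside the JRM rather than relying on cooperation.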

SLIDE 35

Why Java

  • Reuse security mechanisms

— byte-code verifier
— security manager
— classloader

  • System stability

— constrains applications to the JVM
— Prohibits native code applications

  • Extensible, portable, & distributable services

SLIDE 36

But Java is slooowwwww

  • Not appropriate in the fast-path data forwarding plane

— forwarding is done by ASICs
— packet processing not affected

  • Java applications run on the CPU

— Packets destined for Java application are pushed into the control plane

SLIDE 37

Strong Security in the new model

  • The new concept is secure to add 3rd party code to network devices

— Digital Signature
— Administrative “Certified Oplet”
— No access out of the JVM space
— No pointers that can do harm
— Access only to the published API
— Verifier - only correct code can be loaded
— Class loader access list
— JVM has run time bounds, type, and execution checking
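Two of the checks on this slide, the digital signature on an administratively certified oplet and a class loader access list, as an added example; this is not ORE code. The package names (ore.api for the published API, acme.oplet for the oplet), the bundle format and the key handling are assumptions, and a real device would pin the administrator's certificate rather than generate a key pair in main(). The signature algorithm is a current one rather than what a 1999 JVM shipped:

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.List;
import java.util.Map;

/*
 * Added illustration of signature verification plus a class loader access
 * list; not ORE code.  Package names and bundle layout are assumptions.
 */
public final class CertifiedOpletLoader extends ClassLoader {

    /** Published API the oplet may reach (assumed name) plus the core Java classes. */
    private static final List<String> ACCESS_LIST = List.of("java.lang.", "java.util.", "ore.api.");

    private final String opletPackage;            // the oplet's own classes, e.g. "acme.oplet."
    private final Map<String, byte[]> classBytes; // class name -> bytes from the verified bundle

    public CertifiedOpletLoader(ClassLoader parent, String opletPackage, Map<String, byte[]> classBytes) {
        super(parent);
        this.opletPackage = opletPackage + ".";
        this.classBytes = classBytes;
    }

    /** Every reference an oplet class makes comes through here, so the access
     *  list covers both explicit loads and the classes its bytecode links to. */
    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        boolean own = name.startsWith(opletPackage);
        boolean published = ACCESS_LIST.stream().anyMatch(name::startsWith);
        if (!own && !published) {
            throw new ClassNotFoundException("access list denies " + name);
        }
        return super.loadClass(name, resolve);
    }

    /** Only bytes that came out of a verified bundle are ever defined. */
    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        byte[] b = classBytes.get(name);
        if (b == null) {
            throw new ClassNotFoundException(name);
        }
        return defineClass(name, b, 0, b.length);   // the JVM's bytecode verifier runs here
    }

    /** Signature check performed before any class bytes are handed to the loader. */
    public static boolean verifyBundle(PublicKey adminKey, byte[] bundle, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(adminKey);
        verifier.update(bundle);
        return verifier.verify(signature);
    }

    /** What the administrator's certification step does (assumed). */
    public static byte[] signBundle(PrivateKey adminKey, byte[] bundle) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(adminKey);
        signer.update(bundle);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed administrator key pair and a constructed stand-in for a bundle.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair admin = gen.generateKeyPair();
        byte[] bundle = "acme.oplet.Monitor:<class bytes>".getBytes(StandardCharsets.UTF_8);
        byte[] sig = signBundle(admin.getPrivate(), bundle);

        System.out.println("genuine bundle verifies:  " + verifyBundle(admin.getPublic(), bundle, sig));
        byte[] tampered = bundle.clone();
        tampered[0] ^= 0x01;
        System.out.println("tampered bundle verifies: " + verifyBundle(admin.getPublic(), tampered, sig));

        // Access list: java.lang and the published API are reachable, the file system is not.
        CertifiedOpletLoader loader = new CertifiedOpletLoader(
            CertifiedOpletLoader.class.getClassLoader(), "acme.oplet", Map.of());
        System.out.println("allowed: " + loader.loadClass("java.lang.String").getName());
        try {
            loader.loadClass("java.io.File");
        } catch (ClassNotFoundException e) {
            System.out.println("denied:  " + e.getMessage());
        }
    }
}
```

The genuine bundle verifies and the one-bit tampered copy does not; the loader hands back java.lang.String and refuses java.io.File. Defining a real oplet class goes through findClass with bytes taken from the verified bundle, which main() does not exercise because no compiled oplet is embedded here. Note that the access list is only as good as the API behind it: everything the oplet can do on the device is whatever ore.api chooses to publish.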

SLIDE 38

Old model Security (C/C++)

  • Old model: Not safe to add 3rd party code

— Dangerous, C/C++ Pointers
  – Can touch sensitive memory location
— Risk: Memory allocations and Free
  – Allocation without freeing (leaks)
  – Free without allocation (core dump !!!!)

  • Limited security in SNMP

SLIDE 39

Agenda

  • Openness
  • Local Computation
  • New types of applications
  • Architecture
  • API’s
  • Summary

SLIDE 40

An Open Service API Example

— SNMP API for Network Management
  – generated automatically
  – allows device-based applications to query MIB
  – device-based application -- query local MIB
  – report trends or significant events
  – initiate downloading of problem specific diagnostic code
  – take corrective action

SLIDE 41

MIB API Example

[Diagram: layers from the Java Virtual Machine down to the Processor and other Hardware: Client Bean, Client API, Abstract Variable Interface, MIB Map, Native Variable Interface, Instrumentation & Annotation Layer, SNMP PDU Layer, Real Time Operating System.]

  • API uses a MIB Map to dispatch requests to variable access routines
  • Different parts of the MIB tree can be serviced by different mechanisms
  • Two main schemes:

— An ad hoc interface to the SNMP instrumentation layer
— A generic SNMP loopback
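The MIB Map dispatch described above, as an added example rather than the Nortel MIB API itself: a GET is routed to the variable access routine registered for the longest OID prefix that covers it, so one subtree can be served by an ad hoc hook into the instrumentation layer and another by a loopback to the node's own SNMP agent. The OIDs are standard MIB-II ones; the counter values, the "loopback" handler and the VariableAccess interface are constructed assumptions:

```java
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.TreeMap;

/*
 * Added illustration of OID-prefix dispatch; not the Nortel MIB API.
 * Values and handlers are constructed stand-ins for real access routines.
 */
public final class MibMap {

    /** A variable access routine for one subtree of the MIB. */
    public interface VariableAccess {
        Object get(String oid);
    }

    // Sorted so a longest-prefix search can walk downward from the queried OID.
    private final TreeMap<String, VariableAccess> subtrees = new TreeMap<>();

    public void register(String prefix, VariableAccess routine) {
        subtrees.put(prefix, routine);
    }

    /** Dispatches a GET to the routine registered for the longest OID prefix that covers it. */
    public Object get(String oid) {
        Map.Entry<String, VariableAccess> candidate = subtrees.floorEntry(oid);
        while (candidate != null) {
            String prefix = candidate.getKey();
            // Match whole OID components, not characters: "1.1" must not cover "1.10.3".
            if (oid.equals(prefix) || oid.startsWith(prefix + ".")) {
                return candidate.getValue().get(oid);
            }
            candidate = subtrees.lowerEntry(prefix);
        }
        throw new NoSuchElementException("noSuchObject: " + oid);
    }

    public static void main(String[] args) {
        MibMap map = new MibMap();

        // Scheme 1: ad hoc interface straight to the instrumentation layer (constructed counters).
        Map<String, Long> ifTable = Map.of(
            "1.3.6.1.2.1.2.2.1.10.1", 48213L,   // ifInOctets.1
            "1.3.6.1.2.1.2.2.1.14.1", 7L);      // ifInErrors.1
        map.register("1.3.6.1.2.1.2", oid -> {
            Long v = ifTable.get(oid);
            if (v == null) throw new NoSuchElementException("noSuchInstance: " + oid);
            return v;
        });

        // Scheme 2: generic SNMP loopback, simulated here: the request is handed to the
        // node's own SNMP agent, which answers from its system group.
        Map<String, String> systemGroup = Map.of("1.3.6.1.2.1.1.5.0", "edge-switch-1");
        map.register("1.3.6.1.2.1.1", oid -> {
            System.out.println("loopback GET " + oid);
            return systemGroup.get(oid);
        });

        System.out.println("ifInErrors.1 = " + map.get("1.3.6.1.2.1.2.2.1.14.1"));
        System.out.println("sysName.0    = " + map.get("1.3.6.1.2.1.1.5.0"));
        try {
            map.get("1.3.6.1.2.1.4.1.0");           // ipForwarding.0: no routine registered
        } catch (NoSuchElementException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The interfaces query lands in the ad hoc routine, the sysName query in the loopback routine, and the ipForwarding query falls through both prefixes and is reported as noSuchObject; the walk from floorEntry downwards finds the longest matching prefix first because a longer prefix always sorts after a shorter one it extends.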
SLIDE 42

Agenda

  • Openness
  • Local Computation
  • New type of applications
  • Architecture
  • API’s
  • Summary
slide-43
SLIDE 43

9/29/99 43

Santa Clara University

Summary

  • Programmable

— Turing Machine on network devices
— dynamic agents vs. static agents
— dynamic loading
— strong security

  • Openness - successfully proven paradigm

— Facilitates innovation
— Domain experts - virtual development community
  • Enabling Technology for the Revolution

SLIDE 44

This is only the first step

Compare to this first flight and look where aviation is today

1903 the Wright brothers