participatory networking
play

Participatory Networking: An API for Application Control of SDNs - PDF document

Jan 22, 2024 •180 likes •1.99k views

Participatory Networking: An API for Application Control of SDNs Andrew Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi Cornell 1 Participatory Networking 2 Participatory Networking integrates end-users and their

  1. ���� ����� � � � � Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  2. ���� ����� � � � � Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  3. ���� ����� � � � � Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  4. ���� ����� � � � � Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  5. ���� ����� � � � � bandwidth 50Mbps Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  6. ���� ����� � � � � bandwidth 100Mbps bandwidth 50Mbps Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  7. ���� ����� � � � � bandwidth root 100Mbps bandwidth root 50Mbps Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  8. ����� � � � � ���� bandwidth root 100Mbps bandwidth root adf 50Mbps Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  9. ����� � � � � ���� bandwidth root 100Mbps bandwidth root adf 50Mbps Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  10. ����� � � � � ���� bandwidth root 100Mbps bandwidth root adf 50Mbps Share Tree 16 A share’s principals also have the capability to delegate privileges by creating subshares (click). The creation of subshares is guided by the principle that you can’t give away more authority than you have. For example, a subshare’s flowgroup (click) must be contained within the parent share’s flowgroup (click). Here, the blue bar represents each flowgroup’s range of permitted source IP addresses. Furthermore, a subshare may not have a more permissive action set (click) than the parent (click), and initially, the subshare’s only principal is its creator (click). Other users can later be added as additional principals (click). This process of creating subshares develops a privilege hierarchy we call the “Share Tree” (click). The root of the share tree is “the rootShare” (click) -- a share which contains all tra ffj c in the network, comes with all privileges, and has a single root user as the principal.

  11. ��������� �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������������  �������������� 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  12. ��������� �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������������  �������������� PANE 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  13. ���� ����� �������� ���������� ����� ��� ����������� ���������������� ������������� ��������� ��������������  �������������� R e s e r v e 2 M b f p r s o m n o w t o + 5 m i n ? PANE 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  14. �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������� ��������������  �������������� Y e s PANE 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  15. ��������� �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������������  ��������������  is tra ffi c will be short and bursty PANE 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  16. ��������� �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������������  �������������� OK PANE 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  17. ��������� �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������������  �������������� How much web tra ffi c PANE in the last hour? 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  18. ��������� �������� ���������� ����� ��� ����������� ���������������� ������������� ���� ����� ��������������  �������������� PANE 67,560 bytes 17 The share tree only sets the static context for configuring the network. The actual configuration is performed by requests and hints to the PANE controller (click). Requests describe an action the principal would like to perform on a flowgroup during a given time interval (click). After evaluating the request, the PANE controller returns an immediate response indicating an accept or reject (click). Hints provide information about current or future tra ffj c patterns (click). The PANE controller is not required to respond to hints and may optionally choose an action to perform on the tra ffj c (click). Shares may also provide principals with the right to issue queries about given flowgroups (click), such as for tra ffj c statistics (click). To keep things simple, I’m going to focus on requests for the remainder of this talk. More details about hints and queries can be found in our paper. (Pause)

  19. ���� ����� � � � � Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 0 Mbps PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  20. ���� ����� � � � � Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 0 Mbps PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  21. ���� ����� � � � � Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 0 Mbps PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  22. ���� ����� � � � � Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 0 Mbps Reserve 80 Mbps? PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  23. ����� � � � � ���� Current: 80 Mbps Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 80 Mbps Current: 0 Mbps Yes PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  24. ����� � � � � ���� Current: 80 Mbps Current: 0 Mbps bandwidth 100Mbps Reserve 50 Mbps? ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 80 Mbps Current: 0 Mbps PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  25. ����� � � � � ���� Current: 80 Mbps Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps No Current: 0 Mbps Current: 80 Mbps Current: 0 Mbps PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  26. ����� � � � � ���� Current: 80 Mbps Current: 0 Mbps bandwidth 100Mbps ShareA ShareB bandwidth bandwidth 100Mbps 100Mbps Current: 0 Mbps Current: 80 Mbps Current: 0 Mbps PANE 18 By design, a share’s resources may be over-subscribed by its subshares. For example, a share which is permitted up to (click) 100 Mbps of guaranteed minimum bandwidth may permit each of its subshares (click) to make reservations up to the same limit. In order to ensure that these restrictions are never violated, new requests are recursively evaluated up the tree. For example, if a user of ShareA requests (click) 80 Mbps of guaranteed bandwidth, the PANE controller accepts the request (click) and accounts for the reservation in ShareA and the rootShare. If a user of ShareB then requests (click) 50 Mbps of guaranteed bandwidth, the PANE controller rejects the request (click) to prevent a violation on the rootShare. Finally, when accepted requests become active, the PANE controller uses OpenFlow (click) to reconfigure the network and implement the request. (Pause)

  27. Resolving Conflicts 19 To solve participatory networking’s second challenge -- how to resolve conflicts between requests -- we developed Hierarchical Flow Tables, or HFTs.

  28. bandwidth root 100Mbps bandwidth root adf 50Mbps Share Tree 20 In PANE, we have two hierarchies. (pause) The first is a static hierarchy of the privileges granted to users and applications. This hierarchy sets the stage ...

  29. Policy Trees 21 … for a dynamic hierarchy of policy requests. As users and applications make requests, (click) the policy trees evolve, always within the bounds set by the Share Tree. (pause)

  30. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.2, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Policy Trees 21 … for a dynamic hierarchy of policy requests. As users and applications make requests, (click) the policy trees evolve, always within the bounds set by the Share Tree. (pause)

  31. : t e k c a P 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.2, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Policy Trees 22 Following the Ethane model, we imagine every packet is processed against a global policy by the central controller. Here, packet processing is the result of evaluating each packet using the current policy tree.

  32. Hierarchical : t e k c a P Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.1, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  33. Hierarchical : t e k c a P Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d ? (dstIP=10.0.0.2, GMB=30) Allow (srcIP=10.0.0.1, GMB=20) GMB=10 (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  34. Hierarchical : t e k c a P Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d ? +S (dstIP=10.0.0.2, GMB=30) Allow (srcIP=10.0.0.1, GMB=20) GMB=10 (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  35. Hierarchical : t e k c a P Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d ? 0 +P +S (dstIP=10.0.0.2, GMB=30) Allow (srcIP=10.0.0.1, GMB=20) GMB=10 (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  36. Hierarchical : t e k c a P Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=10 ? 0 +P +S (dstIP=10.0.0.2, GMB=30) Allow (srcIP=10.0.0.1, GMB=20) GMB=10 (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  37. Hierarchical : t e k c a P Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=30 GMB=10 ? 0 +P +S +D (dstIP=10.0.0.2, GMB=30) Allow (srcIP=10.0.0.1, GMB=20) GMB=10 (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  38. Hierarchical : t e k c a P GMB=30 Flow Tables 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=30 GMB=10 ? 0 +P +S +D (dstIP=10.0.0.2, GMB=30) Allow (srcIP=10.0.0.1, GMB=20) GMB=10 (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Packet Evaluation 23 First, we identify the matching policy atoms, shown here in green. Next, policy atoms emit their actions. (click) When multiple subtrees have produced actions, we apply user-defined operators (click) at each node in the tree to combine the actions. Here, the sibling operator was applied. (click) Next, we combine the children’s action with the parent’s using a parent operator. Note that in this case, the parent did produce any action, which we denote by “0”, a special “don’t care” action. (continue until GMB=30 is emitted)

  39. Hierarchical Flow Tables GMB=30 GMB=30 +P GMB=10 (dstIP=10.0.0.2, GMB=30) +D +S (srcIP=10.0.0.1, GMB=20) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Conflict Resolution 24 Participatory networking uses three combination operators within each node to resolve conflicts. The first is the +S operator, which combines sibling actions. The second is the +D operator, which combines multiple actions inside a single node. Finally, the +P operator combines the previously resolved actions of a parent and child. (Pause) The requirements on these operators are very basic: (click) first, they must be associative -- this allows us to resolve conflicts in a pairwise fashion. And second, they must support the 0 or “don’t care” action as their identity value. With these minimal requirements, we can convert the HFT into an e ffj cient implementation.

  40. Hierarchical Flow Tables GMB=30 GMB=30 +P GMB=10 (dstIP=10.0.0.2, GMB=30) +D +S (srcIP=10.0.0.1, GMB=20) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Only Requirements: Associative, 0 -identity Conflict Resolution 24 Participatory networking uses three combination operators within each node to resolve conflicts. The first is the +S operator, which combines sibling actions. The second is the +D operator, which combines multiple actions inside a single node. Finally, the +P operator combines the previously resolved actions of a parent and child. (Pause) The requirements on these operators are very basic: (click) first, they must be associative -- this allows us to resolve conflicts in a pairwise fashion. And second, they must support the 0 or “don’t care” action as their identity value. With these minimal requirements, we can convert the HFT into an e ffj cient implementation.

  41. D and S identical. +D In node Deny overrides Allow. GMB combines as max +S Sibling Rate-limit combines as min Child overrides Parent Parent-Sibling +P for Access Control GMB combines as max Rate-limit combines as min PANE’s Conflict Resolution Operators 25 The conflict resolution operators’ flexibility creates a design space for our system. This slide is a summary of the choices we made for PANE. When sensible, we strive to combine both requests. For example a request to guarantee a minimum bandwidth, can combine with one that limits below a maximum rate. In other cases, we need a single outcome. PANE’s +D and +S operators implement a basic policy in which Deny requests override Allow requests, take the maximum of two bandwidth guarantees, and the minimum of two rate-limits. With the +P operator, PANE allows access control requests in child shares to override those in parent shares. The HFT itself is agnostic to the specific policies of the operators, as long as they satisfy the identity and associativity requirements. For example, we could develop operators that resolve conflicts according to priority. (Pause)

  42. Implementation 26 So, how do we implement this system? (pause) In an ideal world, we could simply pass each new HFT to the switches...

  43. (d (d (d (d (s (d (d (s (d (d (d (d (s (d (d (s (d (d (d (s PANE 27 … and when packets arrive, the switches would evaluate the tree just as we did on the previous slides. However, today’s switches aren’t capable performing this evaluation. Therefore, rather than send every packet to the controller …

  44. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.2, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) 28 … we developed a compiler which linearizes (click) an HFT instance into traditional, flat OpenFlow tables that are collectively equivalent to the logical policy tree. This compilation process is quadratic in the size of the tree, as we explain in our paper.

  45. (dstPort = 22, Deny) (dstIP=10.0.0.2, GMB=30) (srcIP=10.0.0.2, GMB=20) (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) 28 … we developed a compiler which linearizes (click) an HFT instance into traditional, flat OpenFlow tables that are collectively equivalent to the logical policy tree. This compilation process is quadratic in the size of the tree, as we explain in our paper.

  46. PANE 29 Our OpenFlow controller then installs these tables on the switches (click), allowing the network to implement the HFT with hardware support.

  47. PANE 29 Our OpenFlow controller then installs these tables on the switches (click), allowing the network to implement the HFT with hardware support.

  48. PANE 30 Our compiler works in two stages. (click) First, the compiler linearizes the HFT into a single table we call the "network flow table." If the network were connected by a single, big switch, we might install this network flow table directly onto that switch

  49. PANE 30 Our compiler works in two stages. (click) First, the compiler linearizes the HFT into a single table we call the "network flow table." If the network were connected by a single, big switch, we might install this network flow table directly onto that switch

  50. PANE 31 In the compiler's second stage, it translates the network flow table into individual flow tables for the distributed OpenFlow switches. During this stage, (click) the compiler relies on a Network Information Base or NIB. The design of our NIB is inspired by Onix, and it describes the state of the network, including host locations, link statuses, queue availability, switch configurations, and more.

  51. PANE 31 In the compiler's second stage, it translates the network flow table into individual flow tables for the distributed OpenFlow switches. During this stage, (click) the compiler relies on a Network Information Base or NIB. The design of our NIB is inspired by Onix, and it describes the state of the network, including host locations, link statuses, queue availability, switch configurations, and more.

  52. PANE 32 For example, the compiler uses the NIB to implement a bandwidth reservation by finding a circuit with the requested bandwidth, (click) sending commands to create the necessary queues, (click) and finally, updating the OpenFlow tables (click) with the required forwarding decisions.

  53. PANE 32 For example, the compiler uses the NIB to implement a bandwidth reservation by finding a circuit with the requested bandwidth, (click) sending commands to create the necessary queues, (click) and finally, updating the OpenFlow tables (click) with the required forwarding decisions.

  54. PANE 32 For example, the compiler uses the NIB to implement a bandwidth reservation by finding a circuit with the requested bandwidth, (click) sending commands to create the necessary queues, (click) and finally, updating the OpenFlow tables (click) with the required forwarding decisions.

  55. PANE 32 For example, the compiler uses the NIB to implement a bandwidth reservation by finding a circuit with the requested bandwidth, (click) sending commands to create the necessary queues, (click) and finally, updating the OpenFlow tables (click) with the required forwarding decisions.

  56. PANE 33 The NIB also allows PANE’s compiler to choose where in the network to implement desired policies. As a simple example, it places rules which drop traffic as close as possible to the traffic's ingress port. In this experiment, we have two wireless clients communicating. One suffers from an attack, (click) and the transfer rate drops. With a local firewall rule, (click) the transfer only slightly recovers. Using PANE to install the rule, (click) the transfer fully recovers. And as the source of the traffic moves ...

  57. 24Mbps PANE 33 The NIB also allows PANE’s compiler to choose where in the network to implement desired policies. As a simple example, it places rules which drop traffic as close as possible to the traffic's ingress port. In this experiment, we have two wireless clients communicating. One suffers from an attack, (click) and the transfer rate drops. With a local firewall rule, (click) the transfer only slightly recovers. Using PANE to install the rule, (click) the transfer fully recovers. And as the source of the traffic moves ...

  58. 5Mbps PANE 33 The NIB also allows PANE’s compiler to choose where in the network to implement desired policies. As a simple example, it places rules which drop traffic as close as possible to the traffic's ingress port. In this experiment, we have two wireless clients communicating. One suffers from an attack, (click) and the transfer rate drops. With a local firewall rule, (click) the transfer only slightly recovers. Using PANE to install the rule, (click) the transfer fully recovers. And as the source of the traffic moves ...

  59. 8Mbps PANE 33 The NIB also allows PANE’s compiler to choose where in the network to implement desired policies. As a simple example, it places rules which drop traffic as close as possible to the traffic's ingress port. In this experiment, we have two wireless clients communicating. One suffers from an attack, (click) and the transfer rate drops. With a local firewall rule, (click) the transfer only slightly recovers. Using PANE to install the rule, (click) the transfer fully recovers. And as the source of the traffic moves ...

  60. 24Mbps PANE 33 The NIB also allows PANE’s compiler to choose where in the network to implement desired policies. As a simple example, it places rules which drop traffic as close as possible to the traffic's ingress port. In this experiment, we have two wireless clients communicating. One suffers from an attack, (click) and the transfer rate drops. With a local firewall rule, (click) the transfer only slightly recovers. Using PANE to install the rule, (click) the transfer fully recovers. And as the source of the traffic moves ...

  61. 24Mbps PANE 34 … the rule can shift with it. (Pause)

  62. PANE 35 Updating the NIB is the responsibility of our OpenFlow controller, (click) and any updates are propagated back into our compiler service. (click) The compiler may then construct a new set of OpenFlow tables (click) which continue to implement the decisions of the *network* flow table in the new environment. Seen this way, you can think of the network flow table as a set of invariants we would like to maintain, and our compiler's second stage as a service which maintains those invariants. (Pause)

  63. PANE 35 Updating the NIB is the responsibility of our OpenFlow controller, (click) and any updates are propagated back into our compiler service. (click) The compiler may then construct a new set of OpenFlow tables (click) which continue to implement the decisions of the *network* flow table in the new environment. Seen this way, you can think of the network flow table as a set of invariants we would like to maintain, and our compiler's second stage as a service which maintains those invariants. (Pause)

  64. PANE 35 Updating the NIB is the responsibility of our OpenFlow controller, (click) and any updates are propagated back into our compiler service. (click) The compiler may then construct a new set of OpenFlow tables (click) which continue to implement the decisions of the *network* flow table in the new environment. Seen this way, you can think of the network flow table as a set of invariants we would like to maintain, and our compiler's second stage as a service which maintains those invariants. (Pause)

  65. PANE 35 Updating the NIB is the responsibility of our OpenFlow controller, (click) and any updates are propagated back into our compiler service. (click) The compiler may then construct a new set of OpenFlow tables (click) which continue to implement the decisions of the *network* flow table in the new environment. Seen this way, you can think of the network flow table as a set of invariants we would like to maintain, and our compiler's second stage as a service which maintains those invariants. (Pause)

  66. Evaluation 36 (pause) We have been running several prototype PANE-controlled networks ...

  67. 37 … which carry traffic in our labs on several hardware and software switches. It provides our day-to- day development and internet connectivity.

  68. 1. SSHGuard access control bandwidth reservations 2. Ekiga 3. ZooKeeper queues for low latency 4. Hadoop centralized traffic weights Evaluation 38 We also adapted each of the four applications I discussed earlier to use PANE. SSHGuard and Ekiga directly use our simple ASCII protocol, while ZooKeeper and Hadoop use an object-oriented Java library we developed.

  69. Three equal-sized sort jobs: • Two Low Priority with 25% weight • One High Priority with 50% weight 39 I want to briefly take a look at the Hadoop case: 1) (job mix) 2) (network topology: 20 slaves plus 2 masters) 3) (PANE rules) 4) (outcome: high pri 23% faster, lowpri 10% because of work-conservation)

  70. Three equal-sized sort jobs: • Two Low Priority with 25% weight • One High Priority with 50% weight PANE 22 Hosts 39 I want to briefly take a look at the Hadoop case: 1) (job mix) 2) (network topology: 20 slaves plus 2 masters) 3) (PANE rules) 4) (outcome: high pri 23% faster, lowpri 10% because of work-conservation)

  71. Three equal-sized sort jobs: • Two Low Priority with 25% weight • One High Priority with 50% weight PANE 22 Hosts Dynamically apply QoS to High Priority flows using PANE. 39 I want to briefly take a look at the Hadoop case: 1) (job mix) 2) (network topology: 20 slaves plus 2 masters) 3) (PANE rules) 4) (outcome: high pri 23% faster, lowpri 10% because of work-conservation)

  72. Three equal-sized sort jobs: 1.25 • Two Low Priority with 25% weight • One High Priority with 50% weight 1 0.75 PANE 0.5 22 0.25 Hosts 0 HighPri Speedup Default With PANE Dynamically apply QoS to High Priority flows using PANE. 39 I want to briefly take a look at the Hadoop case: 1) (job mix) 2) (network topology: 20 slaves plus 2 masters) 3) (PANE rules) 4) (outcome: high pri 23% faster, lowpri 10% because of work-conservation)

  73. Hadoop’s OpenFlow rules 40 x-axis: time y-axis: number of rules created by one job running across 22 hosts

  74. 0 5 10 15 20 25 30 Time(min) Hadoop’s OpenFlow rules 40 x-axis: time y-axis: number of rules created by one job running across 22 hosts

  75. Number of Resident Rules 30 25 20 15 10 5 0 0 5 10 15 20 25 30 Time(min) Hadoop’s OpenFlow rules 40 x-axis: time y-axis: number of rules created by one job running across 22 hosts

  76. PANE Number of Resident Rules 30 22 25 20 Hosts 15 10 5 0 0 5 10 15 20 25 30 Time(min) Hadoop’s OpenFlow rules 40 x-axis: time y-axis: number of rules created by one job running across 22 hosts

  77. 1. For applications that know what they want from the network 2. Allows these applications to co-exist Conclusion 41 In conclusion, PANE is designed for applications and users that know what they want from the network. PANE provides a way for applications to talk back to the control-plane and use any mechanisms exposed by network. So far we’ve explored bandwidth, access control, routing, and rate-limiting, and hope to support new mechanisms in the future. And second, PANE allows all of these application requests to co-exist with a single network by deterministically resolving conflicting requests into a single policy.

  78. Andrew Ferguson pane.cs.brown.edu adf@cs.brown.edu 42 I’m happy to take your questions at this time…

  79. • Arjun Guha Brown ↦ Cornell ↦ UMass Amherst Co-authors • Chen Liang Brown ↦ Duke • Rodrigo Fonseca Brown • Shriram Krishnamurthi Brown Andrew Ferguson pane.cs.brown.edu adf@cs.brown.edu 43 … or you can contact any of my collaborators as well. Thank you very much!

  80. Backup Slides 44

  81. Proof of Correctness 45 - As we saw on the last slide, this is a complex, concurrent system. - And complex systems have bugs, even if you write them in Haskell, as we did. - I’d like to briefly tell you how we proved a key portion of the system correct.

  82. : t e k c a P GMB=30 1 0 . 0 . . 0 1 c r s (dstPort = 22, Deny) 0 8 : 2 . 0 . 0 0 . 1 t s d GMB=30 GMB=10 +P +S (dstIP=10.0.0.2, GMB=30) GMB=10 Allow (dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow) Hierarchical Flow Tables 46 - As a starting point, we know what it means for a hierarchical flow table to process a packet: the packet enters the switch, the policy tree nodes produce their actions, and a result action is produced after applying the combination operators.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Participatory Budgeting Purpose of the module To provide relevant knowledge Participatory

Participatory Budgeting Purpose of the module To provide relevant knowledge Participatory

Participatory Budgeting Purpose of the module To provide relevant knowledge Participatory budgeting To train skills Elaboration of plan for implementation of participatory budgeting Expectations Understanding background of

614 views • 28 slides
Participatory Research: Issues and Challenges Laboratorio Foist per le Politiche Sociali e i

Participatory Research: Issues and Challenges Laboratorio Foist per le Politiche Sociali e i

Andrea Vargiu Building Capacities of (Universit degli Studi di Sassari) the Next Generation of Community-Based Participatory Researchers New Delhi April 10 th 2015 Andrea Vargiu Universit di Sassari Teaching Teaching Participatory

466 views • 10 slides
2012-2013 Fourth Year Participatory Budgeting in the 49th Ward Alderman Joe Moore Participatory

2012-2013 Fourth Year Participatory Budgeting in the 49th Ward Alderman Joe Moore Participatory

2012-2013 Fourth Year Participatory Budgeting in the 49th Ward Alderman Joe Moore Participatory Budgeting Neighborhood Assembly 2012-13 PB Process Agenda 6:30PM Refreshments 7:10PM Welcome by Chair 7:15PM PB Video 7:20PM PB: How

764 views • 37 slides
Designing participatory systems prof.dr. F.M.T. Brazier Participatory Systems Initiative, Systems

Designing participatory systems prof.dr. F.M.T. Brazier Participatory Systems Initiative, Systems

Designing participatory systems prof.dr. F.M.T. Brazier Participatory Systems Initiative, Systems Engineering Networks in which coordination is leading Systems for which global organisation is based on local cordination Coordination based

1.07k views • 88 slides
Using Your Network 10-07-16 Networking & You What is networking? Benefits of

Using Your Network 10-07-16 Networking & You What is networking? Benefits of

Jordan Borrell Networking & Bioengineering Program Using Your Network 10-07-16 Networking & You What is networking? Benefits of networking. Who do I network with? Family/Friends/Neighbors School Connections

395 views • 14 slides
Top - down Participatory Democracy Experiments in Latin America Stephanie L. McNulty,

Top - down Participatory Democracy Experiments in Latin America Stephanie L. McNulty,

Governance from Above? Exploring Top - down Participatory Democracy Experiments in Latin America Stephanie L. McNulty, Ph.D. Woodrow Wilson Center December 3, 2012 Bolivias Participatory Institutions (1993) Oversight Committees

213 views • 6 slides
GM Car Network Project March 18 th , 2004 Participatory Design Analysis Prepared By Jim Garretson

GM Car Network Project March 18 th , 2004 Participatory Design Analysis Prepared By Jim Garretson

GM Car Network Project March 18 th , 2004 Participatory Design Analysis Prepared By Jim Garretson Whitney Hess Jordan Kanarek Mathilde Pignol Megan Shia March 27,2004 Participatory Design Analysis A participatory design session was held on

373 views • 24 slides
On the measurement of diversity Explorations within a Participatory Scenario Planning process 1

On the measurement of diversity Explorations within a Participatory Scenario Planning process 1

On the measurement of diversity Explorations within a Participatory Scenario Planning process 1 ParEvo process design = participatory evolution of future scenarios or past histories Nodes = short text description of events Branches =

989 views • 23 slides
Participatory Forest Management: Opportunities and Challenges Kate Schreckenberg, Southampton

Participatory Forest Management: Opportunities and Challenges Kate Schreckenberg, Southampton

Participatory Forest Management: Opportunities and Challenges Kate Schreckenberg, Southampton University Presentation to the Darw in project Conserving Eden: participatory forest m anagem ent in the Tien Shan region 15 th March 2010,

430 views • 27 slides
Towards smart and sustainable multimodal public transports based on a participatory ecosystem Nic

Towards smart and sustainable multimodal public transports based on a participatory ecosystem Nic

Towards smart and sustainable multimodal public transports based on a participatory ecosystem Nic Volanschi Inria Bordeaux WSSC16 - Toulouse, 18/7/2016 Outline Public transport applications Consumer vs participatory assistants

431 views • 15 slides
Networking Don Porter CSE 506 Networking (2 parts) Goals: Review networking basics

Networking Don Porter CSE 506 Networking (2 parts) Goals: Review networking basics

Networking Don Porter CSE 506 Networking (2 parts) Goals: Review networking basics Discuss APIs Trace how a packet gets from the network device to the application (and back) Understand Receive livelock and NAPI 4

761 views • 48 slides
OneSource, Consultoria Informtica Lda. (OneSource) Participatory Processes A step forward

OneSource, Consultoria Informtica Lda. (OneSource) Participatory Processes A step forward

a LEDGER proposal submitted by OneSource, Consultoria Informtica Lda. (OneSource) Participatory Processes A step forward towards true democratic decision-making Co-participation processes, such as participatory budgeting (PB), are one of the

1.08k views • 15 slides
Participatory Approach to Evaluation: Democratizing Evaluation and Embodying Social Inclusion

Participatory Approach to Evaluation: Democratizing Evaluation and Embodying Social Inclusion

Participatory Approach to Evaluation: Democratizing Evaluation and Embodying Social Inclusion CESBC Webinar October 10, 2019 MONA LEE, JANICE DUDDY, PAUL KERBER Poll: Have you ever used a participatory evaluation approach? No

573 views • 30 slides
Wikipedia in the World of Participatory Culture Krzysztof Gajewski Institute of Literary Research

Wikipedia in the World of Participatory Culture Krzysztof Gajewski Institute of Literary Research

Wikipedia in the World of Participatory Culture Krzysztof Gajewski Institute of Literary Research Polish Academy of Science Salamanca, 18-19 March 2016 1 / 22 Table of Contents Fundamental Concepts and Definitions Participatory culture Many

470 views • 22 slides
NAMED DATA NETWORKING (NDN) Named Data Networking NDN BRIEF HISTORY When the Networking was

NAMED DATA NETWORKING (NDN) Named Data Networking NDN BRIEF HISTORY When the Networking was

NAMED DATA NETWORKING (NDN) Named Data Networking NDN BRIEF HISTORY When the Networking was developed in the 60s and 70s Networking was mainly used for resource sharing. IP was the effective communication protocol in place.

484 views • 29 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
CHERI JNI: Sinking the Java security model into the C David Chisnall , Brooks Davis, Khilan Gudka,

CHERI JNI: Sinking the Java security model into the C David Chisnall , Brooks Davis, Khilan Gudka,

CHERI JNI: Sinking the Java security model into the C David Chisnall , Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannou, Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste, Robert Norton, Stacey Son, Michael Roe, Simon W.

320 views • 16 slides
Exploiting Modern Hardware Features via Lightweight Profiling Probir Roy Scalable Tools

Exploiting Modern Hardware Features via Lightweight Profiling Probir Roy Scalable Tools

Exploiting Modern Hardware Features via Lightweight Profiling Probir Roy Scalable Tools Workshop19 1 High performance and challenges IBM POWER 9 CPU Exploiting Modern Hardware Features via Lightweight Profiling 2 High performance and

2.14k views • 150 slides
Quantifying Program Complexity and Comprehension Quantifying Program Complexity and Comprehension

Quantifying Program Complexity and Comprehension Quantifying Program Complexity and Comprehension

Quantifying Program Complexity and Comprehension Quantifying Program Complexity and Comprehension Quantifying Program Complexity and Comprehension Michael Hansen, Andrew Lumsdaine, Rob Goldstone, Raquel Hill, Chen Yu Michael Hansen, Andrew

1.34k views • 99 slides
Stratus: Clouds with Microarchitectural Resource Management Kaveh Razavi and Animesh Trivedi

Stratus: Clouds with Microarchitectural Resource Management Kaveh Razavi and Animesh Trivedi

Stratus: Clouds with Microarchitectural Resource Management Kaveh Razavi and Animesh Trivedi Once Upon a Time in the Cloud Large: 4 cores, 16 GB Medium: 2 cores, 8 GB Small: 1 core, 4 GB 2 Once Upon a Time in the Cloud Large: 4 cores, 16

852 views • 29 slides
@odin odinthe thener nerd not the god Auto-Intern GmbH 1 @odinthenerd A possible future

@odin odinthe thener nerd not the god Auto-Intern GmbH 1 @odinthenerd A possible future

@odinthenerd @odin odinthe thener nerd not the god Auto-Intern GmbH 1 @odinthenerd A possible future of embedded development Auto-Intern GmbH 2 @odinthenerd Sean Parent Auto-Intern GmbH 3 @odinthenerd Every rything is is

881 views • 65 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
The Database as a Value Rich Hickey What is Datomic? A functional database A sound model

The Database as a Value Rich Hickey What is Datomic? A functional database A sound model

The Database as a Value Rich Hickey What is Datomic? A functional database A sound model of information, with time Provides database as a value to applications Bring declarative programming to applications Focus on reducing

688 views • 51 slides
Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas

Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas

Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas Dep. de Sistemas Informticos y Computacin Universidad Politcnica de Valencia slucas@dsic.upv.es Summary Connecting declarative software

634 views • 42 slides

More recommend