Author: David Wetherall (djw@cs.washington.edu)
Presented By: Gokul Nadathur (gokul@cs.wisc.edu)

Tour Guide ...
• Introduction
• Design of ANTS
• Implementation of ANTS
• Protection and resource management issues
• What’s beyond active networks …

Active Networks : Visions and Reality

What is an Active Network?
• Network architecture that allows:
  – Application Customized Code to be dynamically deployed in the network
  – Code to be Executed in a controlled framework within the network
• Similar to extensible operating systems (SPIN, Synthesize etc)
• Packet = Code + data

Motivation
[Figure: Schema for Auction Service. Labels: Client, Bid, Result, Server]
• Dynamic deployment of new Internet services
• Online Auctions
  – Client submits bids
  – Central Server processes bids
  – Responds to requests for current price
• During high load on server, current price may become invalid by the time it reaches the client

Auction Service in an Active Network
[Figure: Labels: Client, Bid, Active Router, Bid Filter, Fail, Server]
• Customized forwarding routine in active router
  – if (bid is valid) success else fail
• Filters low bids in the network before they reach server
• Server periodically updates current prices to active routers
• Lowers load on server

Apprehensions
• Security
  – Untrusted user code executing in core routers: is it safe?
• Efficiency
  – Dynamic code distribution consumes bandwidth
  – Every packet now requires additional processing
  – Auction Service example: every router has to check if (user bid > current bid)
  – Kills packet forwarding performance

ANTS
• Architecture designed to provide extensible network layer service
• Routers are active
• Extendable at packet level in the form of Capsules
• A code distribution scheme

Entities in ANTS
• Active Nodes: programmable routers connected to IP routers through network channels
• Maintain a cache of forwarding code (protocols) and data used by different services
• Responsible for secure execution of forwarding code

Capsules
[Figure: capsule format. Labels: ANTS Header, IP header, Version, Type, Previous Address, Dep fields, Payload]
• Type: Identifier for the forwarding routine to be executed (carries code by reference)
• Previous address: Where to get the forwarding routine from if it is not available in the present node (Code Distribution)
• Dependent Fields: Parameters for the forwarding code
• Payload: Header + data of higher layers

Example
[Figure: Labels: Client, Bid, Code, Code Request, Active Router (Caches Forwarding Code), Previous Address field, Server]
• Online Auction:
  – FILTER Capsule: Sent periodically by server to update current bids
  – BID Capsule: Used by client to submit bid
• Forwarding Code not found?
  – Code provided by end user software
  – Light weight Code Distribution within the network

Code Distribution
[Figure: flowchart. Labels: Capsule, Extract Type, Check in Cache (Yes / No), Continue Execution, Suspend Execution, Fetch code from Previous Addr, Receive Response, Bootstrap code to cache, Wake up Capsule, Discard on Timeout]

Code Distribution (Contd)...
• Need for Bootstrap Capsules to transfer code
  – Well known type (System Capsules)
  – Directory service for selecting protocols
• Advantages
  – Adapts to packet loss, node failures, changing routes
• Disadvantages
  – High Latency of loading can trigger end-system timeouts

Implementation
[Figure: Active Node Runtime. Labels: Application, Node API, CH 1, CH 2, Soft Store (Cached code + data)]
• User level process in Java
• Node Runtime:
  – Schedules and executes capsule instances
  – Controlled access of soft store using restricted API
• Channel Class: Creates Capsule instance from IP packet
• Capsule: Execute custom forwarding routines from cache

Protection Schema
• Type: MD5 fingerprint of forwarding routine
  – Prevents code spoofing
  – Provides authentication free foundation
• Java SandBox
  – Prevents untrusted code from corrupting node runtime
  – type field is defined as constant
  – Impossible to create a Firewall
  – Very Slow (PLANet - 3 times faster)

Protection Schema ...
• Code is read-only
• Data is protected by hashing the store on the type of service to which it belongs

Shared State Protection
• R/W sharing of Cached state between related capsule types
• Auction Example:
  – FILTER Capsule sent by server updates current bids
  – BID Capsule sent by client uses this data to validate its bid
• Hierarchical Fingerprint for shared state: Complex Type identifiers for shared state
  – Forwarding routines A and B share state
  – Type identifier for shared state: (A, (A, B)H)H and (B, (A, B)H)H
  – Identifies a single service (A, B)H to which both A and B belong

Resource Management
• Unbounded utilization of
  – Computing resources (Long forwarding routines)
  – Network Bandwidth (Flooding child capsules)
• Solutions:
  – Watchdog timers for breaking long forwarding routines
  – TTL to limit number of hops
  – Static limit on fanouts
• Application floods Network
  – network based resource allocation

Open Issues
• Administrative Issues
  – Who can introduce new services?
  – Hackers Paradise
• Open Research Area: A Killer Application?

And Beyond …
• Radio Active Networks
  – Adaptable Wireless Network Architecture
  – Extend programmability to physical layer
  – Uses Software Radios and Active Networks
• Higher layers interact with physical layer to observe changing conditions
• Based on the change appropriate physical layer is selected
• Example: Basestation to mobile system
  – Dynamically create channels according to mobile host population
  – Create channels of different priority and QoS
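
The type-fingerprint check from the Protection Schema slides and the hierarchical identifier from Shared State Protection, as an added Python example (not code from ANTS or from the talk): a node caches fetched code only if it hashes to the capsule's type, and keys shared state by the service hash so an unrelated routine cannot reach it. The names ActiveNode, load and state_for, the concatenation encoding inside H, and the member-fingerprint list that accompanies fetched code are assumptions; the routines are constructed byte strings.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    # The slides' H, with MD5 as they state; plain concatenation is an assumption.
    return hashlib.md5(b"".join(parts)).digest()

def service_id(members: list) -> bytes:
    # (A, B)H: one identifier for the service the member routines belong to.
    return H(*members)

def capsule_type(routine: bytes, members: list) -> bytes:
    # (A, (A, B)H)H: the type a capsule carries for routine A of that service.
    return H(H(routine), service_id(members))

class ActiveNode:
    def __init__(self):
        self.code_cache = {}   # capsule type -> (routine, service id)
        self.soft_store = {}   # service id -> state shared by that service
    def load(self, wanted_type: bytes, routine: bytes, members: list) -> bool:
        # Cache fetched code only if it is a listed member and hashes to the type.
        if H(routine) not in members or capsule_type(routine, members) != wanted_type:
            return False
        self.code_cache[wanted_type] = (routine, service_id(members))
        return True

    def state_for(self, ctype: bytes) -> dict:
        # Soft-store access is keyed by the service of the executing type.
        return self.soft_store.setdefault(self.code_cache[ctype][1], {})

# Constructed stand-ins for forwarding routines (not real ANTS code).
FILTER = b"routine: store current price from server"
BID = b"routine: drop bid if below stored price"
ROGUE = b"routine: overwrite stored price"
AUCTION = [H(FILTER), H(BID)]

def demo() -> dict:
    node = ActiveNode()
    t_filter, t_bid = capsule_type(FILTER, AUCTION), capsule_type(BID, AUCTION)
    out = {"filter": node.load(t_filter, FILTER, AUCTION),
           "bid": node.load(t_bid, BID, AUCTION),
           "spoofed": node.load(t_bid, ROGUE, AUCTION)}
    # A routine outside the member list cannot claim the auction service...
    out["outsider"] = node.load(H(H(ROGUE), service_id(AUCTION)), ROGUE, AUCTION)
    # ...and loaded as its own service it gets a separate slice of the store.
    t_own = capsule_type(ROGUE, [H(ROGUE)])
    node.load(t_own, ROGUE, [H(ROGUE)])
    node.state_for(t_filter)["price"] = 120
    return {**out, "bid_sees": node.state_for(t_bid).get("price"),
            "rogue_sees": node.state_for(t_own).get("price")}
```

MD5 appears here because the slides name it; it is no longer collision resistant, so a present-day fingerprint would use SHA-256.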