Integrating Active Networking and Commercial-Grade Routing Platforms
Download as PPT, PDF0 likes262 views
The document discusses the integration of active networking with commercial-grade routing platforms to create an open environment for service introduction and flow performance enhancement. Key accomplishments include the development of an oplet runtime environment (ORE) for dynamic service deployment and classification on silicon-based routing engines. Future work focuses on enhancing security features, service revocation, and potential open-source implementations.
Integrating Active Networking and Commercial-Grade Routing Platforms
- 1. Integrating Active Networking and Commercial-Grade Routing Platforms Rob Jaeger Tal Lavian, Rob Duncan, Franco Travostino, J.K. Hollingsworth, Bobby Bhattacharjee Networks 2000 September 13, 2000 Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 1
- 2. The Network Paradigm Spectrum Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 2 Traditional Networks • End-to-end connectivity • Well defined protocols • Increasingly perform forwarding in hardware Active Networks • On-the-fly service introduction • Per-flow granularity possible • Inject software in data path ?
- 3. Outline • Research Objectives • Accomplishments • System Concepts/Components • Open Device Architecture • Dynamic Classification Experiment • Status & Future • Summary Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 3
- 4. Research Objectives • Create OPEN platform for introduction of new services — Specify OPEN interfaces for Java applications to control a generic, platform-neutral forwarding plane — Enable downloading of services to network node — Allow object sharing and inter-service communication • Implement flow performance enhancement mechanisms without introducing software into data forwarding path — Service defined packet processing in a silicon-based forwarding engine — Policy-based Dynamic packet classifier Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 4
- 5. Accomplishments • JVM on a Silicon-based Routing Switch • ORE - Oplet Run-time Environment — Java-enabled platform for secure downloading and safe execution of services — Ensures required services are installed for a downloaded Oplet • Java SNMP API (proxy mode for non Java devices) • Implementation of Network Forwarding API (JFWD) • RESULT: Dynamic Classification in Silicon-based forwarding engine on a Gigabit Routing Switch Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 5
- 6. System Concepts/Components • Oplet Runtime Environment (ORE) — A kernel that manages the life cycle of oplets and services — Provides a registry of services • Services — The value being added. Minimal constraints — Represented as a Java interface • Oplets — The unit of deployment: a JAR file — Contains meta-data (eg signatures, dependency declarations) — Contains services and other resources (data files, images, Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 6 properties, JAR files)
- 7. Oplet Runtime Environment Overview • A platform to dynamically deploy services on network elements • Desirable properties — Portable to many different devices — Secure, reliable — Low impact on device performance — Open — Provide a framework to structure code – Reusable, maintainable, robust Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 7 • Implemented in Java
- 8. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 8 Oplet Lifecycle • Install — Loaded from URL • Start — Services that are depended on must already be started • Stop — Any oplets that depend on this oplet’s services will be stopped — Code and data can be unloaded from ORE • Uninstall
- 9. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 9 Dependencies • A service S can use facilities provided by another service T • This means that the oplet containing S has a dependency on service T • Before an oplet can be started, all of its dependent services must have be started • ORE manages dependencies and lifecycle of oplets and services
- 10. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 10 Some Services • Bootstrap (ORE start time) - basic configuration • Log - Centralized logging for oplets • HTTP server — Simple servlet support • Command line shell — Service depends on shell to register commands • Administration commands — Manage oplets and services • Access to router resource including hardware instrumentation via JMIB
- 11. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 11 Security Issues • Sandbox — Each oplet provides a Java name space and applet-like sandbox • Signed oplets — Oplets can be signed for assigning trust • Denial of service — Vulnerable to DoS (memory, cycle, bandwidth, persistent storage, monitors) like all Java applications — Resource management is a problem
- 12. Java Forwarding API • Five-Tuple Filters — src/dest IP — src/dst port numbers — protocol (TCP or UDP) • Actions — copy the packet to the control plane — drop packet — set TOS field or set VLAN priority field — adjust priority queue Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 12
- 13. Outline • Research Objectives • Accomplishments • System Concepts/Components • Open Device Architecture • Dynamic Classification Experiment • Status & Future • Summary Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 13
- 14. ORE Service Open Device Architecture JNI Download Oplet ORE JVM Operating System Device HW Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 14 C/C++ API Java API Device Code Device Drivers JFWD API
- 15. Silicon-based Forwarding Engines Network Services JFWD CPU/Operating System Switching Fabric Wire Speed Forwarding Forwarding Rules Forwarding Processor Statistics & Monitors Forwarding Rules Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 15 Forwarding Rules Forwarding Processor Statistics & Monitors Forwarding Processor Statistics & Monitors . . . Control Plane ORE Filtered packets New rules Traffic Packets
- 16. Dynamic Configuration of Forwarding Rules Dynamic Policy CPU Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 16 Forwarding Rules SW HW Forwarding Processor Forwarding Processor Forwarding Processor Forwarding Processor
- 17. CarbonCopy Capability CPU Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 17 Forwarding Processor Forwarding Processor Forwarding Processor Forwarding Processor
- 18. Outline • Research Objectives • Accomplishments • System Concepts/Components • Open Device Architecture • Dynamic Classification Experiment • Status & Future • Summary Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 18
- 19. Dynamic Classification • Identify real-time flows (e.g. packet signature/flowId) 1. Use CarbonCopy filters to deliver multimedia control protocols to control plane – e.g. SIP, H.323. RTSP – Determine dynamically assigned ports from control msgs 2. Use CarbonCopy filters to sample a number of packets from the physical port and identify RTP packets/signature • Set a packet processing filter for packet signature to: — adjust DS-byte OR — adjust priority queue Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 19
- 20. Dynamic Packet Configuration DSC Service Packet Filter Forwarding Processor Forwarding Processor Packet Packet Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 20 Policy Filters
- 21. Experimental Setup Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 21 100 Mbps 100 Mbps 100 Mbps Source 2 tcp_send() Destination 1. tcp_recv() 2. tcp_recv() Source 1 tcp_send() Acclear 1100B Routing Switch
- 22. TCP Behavior with Dynamic Priority Filters Start 2nd Flow Change Priority Seconds Mbps Low Priority High Priority End 2nd Flow Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 22 100 80 60 40 20 0 0 1 2 3 4 5 6 7 8 9 10
- 23. Outline • Research Objectives • Accomplishments • System Concepts/Components • Open Device Architecture • Dynamic Classification Experiment • Status & Future • Summary Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 23
- 24. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 24 Status • Runs on several Nortel routing products • Run on workstations • First release of ORE SDK complete • JMIB monitor/control system through MIBs • JFWD • Ported ANTS Execution Environment as ORE service
- 25. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 25 Future ORE work • Capabilities — Revocable services • Security — Java 2 style permissions to perform operations • Resource limits, DoS protection — Probably requires support from JVM • Jini, Oplet Directory - locate and load services • Agents/Services • Open source
- 26. Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 26 Summary • Developed the ORE for downloading and safely running services onto network devices • Without introducing software into data path we performed Dynamic Classification of flows in a Silicon-based Gigabit Routing Switch — Introduced a new service to a Gigabit Routing Switch — Identified real-time flows — Performed policy-based flow behavior classification — Adjusted DS-byte value — Showed that flow performance can be improved • For more info email: rfj@cs.umd.edu
- 27. Integrating Active Networking and Commercial-Grade Routing Platforms Rob Jaeger Tal Lavian, Rob Duncan, Franco Travostino, J.K. Hollingsworth, Bobby Bhattacharjee Networks 2000 September 13, 2000 Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 27
- 28. OOOOpppplllleeeetttt SSeerrvviiccee OOOOpppplllleeeetttt OOOOpppplllleeeetttt SSeerrvviiccee OOOOpppplllleeeetttt RRRRuuuunnnnttttiiiimmmmeeee EEEEnnnnvvvviiiirrrroooonnnnmmmmeeeennnntttt SSeerrvviiccee SSeerrvviiccee Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 28 Architecture OOOOpppplllleeeetttt SSeerrvviiccee JJJJaaaavvvvaaaa VVVViiiirrrrttttuuuuaaaallll MMMMaaaacccchhhhiiiinnnneeee AAAAPPPPIIII EEEExxxxtttteeeennnnssssiiiioooonnnnssss
- 29. Silicon-based Forwarding Engines CPU Switching Fabric Wire Speed Forwarding Forwarding Rules Forwarding Processor Statistics & Monitors Forwarding Rules Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 29 Forwarding Rules Forwarding Processor Statistics & Monitors Forwarding Processor Statistics & Monitors Control Plane . . .
- 30. JFWD 5-tuple Filtering • Copy the packet to the control plane • Don't forward the packet • Set TOS field • Set VLAN priority • Adjust priority queue Integrating Active Networking and Commercial-Grade Routing Platforms – R. Jaeger – Networks 2000/Sept 2000 - 30
Editor's Notes
- #4: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #5: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #13: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #14: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #19: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #20: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #24: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #27: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage
- #31: To introduce the new Open Networking Architecture that is based on Java-enabled Network Devices To enable easy 3rd party integration and leverage Nortel Networks’ competitive advantage