TRANSCRIPT
Growing of Internet: a permanent challenge for designers and network engineering
Jiří Navrátil [email protected]
European Future Networking Initiatives Workshop, 22.2.2007, Amsterdam
Introduction to EFNI workshop
• Internet expansion and consequences
• Next generation of Internet (directions and supporting projects, FIND, GENI)
• New terminology: Slicing, Virtualization, PlanetLab, VINI, etc.
• New networking phenomena, concepts, approaches (DHT, P2P, CAN, ROS)
BGP table analysis
Partial visibility of the Internet from one router (from the routing tables)
Source: http://www.caida.org/tools/measurement/skitter/
What are the problems of the Internet?
Speed and capacity? In network backbones? In aggregation networks? Last mile? Wireless (ad hoc networks, WiMAX)?
Access to the network? From individual machines (PC, Mac, Linux), supercomputers, PDAs, phones, edge points
Distribution of services in the requested quality to end users: to universities, offices (thousands of sites in each country), to homes (millions of access points), mobile users
Utilization of existing networks (measurement and monitoring): how do we know what users are doing and what they want, what are the loads of individual segments of the Internet?
Security aspects? Yes, definitely. All of these areas have their own difficulties and a clear road map for future developments.
However, they don't threaten the system as a whole.
The real problems of the IP world are in its principles
• IP addresses? Yes, before 1994 the Internet nearly collapsed. The problem was postponed because of reusable private IP and NAT. That is the reason why IPv6 is not so hot.
• Naming? Yes, DNS still dominates and it has more and more problems; other systems start to use their own naming strategy based on GUIDs.
• Routing? Yes, since 1989 BGP (a protocol based purely on agreement of ISPs - routing policy). All other known protocols are unacceptable, technically problematic, and used just locally; many existing routes are not used, and the quality of routes is not under control.
• BGP4? Yes, introducing the AS was a step toward aggregation for routing purposes; it helps to postpone the problem with the effectiveness of routing.
AND the number of ISPs and the number of ASes grow exponentially!
How the Internet grows
[Chart: The growth of Internet routing tables, #routes (0 to 80000) per year, 1988 to 2000. Annotations: CIDR, private IP and NAT bring a slowdown of routing-table growth; expectation 70000 routes (in 2000 - 980 millions of users???)]
Remark: individual lines are prefixes (paths) from different peers.
Growth in 94-06. Source: http://www.routeviews.org/dynamics
Flapping = routes on-off-on-off ...
http://sahara.cs.berkeley.edu/jan2004-retreat/slides/mcc_rootcause_sahara.ppt
How AS growth brings problems to BGP
This is the reason why your engineers need more and more powerful systems
More about the weaknesses of the Internet
- performance bottlenecks at peering points
- ignores many existing alternate paths
- prevents sophisticated algorithms
- route selection uses fixed, simple metrics
- routing isn't sensitive to path quality (see next examples)
The Internet is ill suited to mission-critical applications
Paxson (95-97): 3.3% of all routes have serious problems
Labovitz (97-00): 10% of routes available <95% of time; 65% of routes available <99.9% of time; 3 minutes minimum detection time for failure; average recovery ~15 minutes
Chandra (01): 5% of faults last more than 2 hours 45 minutes
Wang (06): 80% of problems on the path are caused by routing
RON - Resilient Overlay Networks
• Measure all links between nodes
• Compute path properties
• Determine best route
• Forward traffic over that path
David Andersen, Hari Balakrishnan, Frans Kaashoek, and Robert Morris, MIT Laboratory for Computer Science
http://nms.lcs.mit.edu/ron/
Experimental testbed running for users. Main problems:
- not suitable for disruptive operation
- low statistics of problematic cases (waiting for errors)
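The four RON steps above, worked through in code (an added example, not RON's own code): every node probes every other node, end-to-end latency and loss are computed for the direct path and for each path through one intermediate overlay node, and the best route is chosen under a loss threshold. The node names, probe results and the 5% loss threshold are constructed assumptions.

```python
"""Overlay route selection in the style of RON (added example, not RON code).
Constructed measurements: every overlay node probes every other node and
records (latency_ms, loss_rate) for the direct Internet path between them."""

# Constructed probe results: (src, dst) -> (latency in ms, loss fraction)
MEASURED = {
    ("A", "B"): (40.0, 0.00), ("B", "A"): (40.0, 0.00),
    ("A", "C"): (25.0, 0.30), ("C", "A"): (25.0, 0.30),   # direct A-C path is flapping
    ("A", "D"): (60.0, 0.01), ("D", "A"): (60.0, 0.01),
    ("B", "C"): (30.0, 0.00), ("C", "B"): (30.0, 0.00),
    ("B", "D"): (35.0, 0.02), ("D", "B"): (35.0, 0.02),
    ("C", "D"): (20.0, 0.00), ("D", "C"): (20.0, 0.00),
}
NODES = sorted({n for pair in MEASURED for n in pair})

def path_properties(path, measured=MEASURED):
    """Step 2: end-to-end latency is the sum of hop latencies, end-to-end loss
    is 1 minus the product of per-hop delivery probabilities."""
    latency, success = 0.0, 1.0
    for hop in zip(path, path[1:]):
        lat, loss = measured[hop]
        latency += lat
        success *= 1.0 - loss
    return latency, 1.0 - success

def candidate_paths(src, dst, nodes=NODES):
    """The direct path plus every path through one intermediate overlay node,
    which is the candidate set RON evaluates."""
    yield (src, dst)
    for mid in nodes:
        if mid not in (src, dst):
            yield (src, mid, dst)

def best_route(src, dst, max_loss=0.05, measured=MEASURED):
    """Step 3: lowest-latency path whose loss stays under max_loss; if no path
    qualifies, fall back to the lowest-loss path. Returns (path, latency, loss)."""
    scored = [(p, *path_properties(p, measured)) for p in candidate_paths(src, dst)]
    usable = [s for s in scored if s[2] <= max_loss]
    pool = usable if usable else scored
    key = (lambda s: s[1]) if usable else (lambda s: s[2])
    path, latency, loss = min(pool, key=key)
    return path, latency, loss

if __name__ == "__main__":
    # Step 4: the chosen hop list is what the overlay forwards traffic over.
    for src, dst in (("A", "C"), ("A", "D")):
        path, lat, loss = best_route(src, dst)
        print(f"{src}->{dst}: forward via {'-'.join(path)} (latency {lat:.0f} ms, loss {loss:.3f})")
```

For A to C the overlay detours through B despite the higher latency because the direct path is lossy; for A to D the direct path is kept.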
[Figure: example of routing changes on the path SLAC - CALTECH, via Abilene vs. via CALREN/CENIC; traceroute analysis; ABwE overview]
The problem is not only to have a name (registration) but how to handle resolution (conversion from/to IP) and how to update databases which are bigger and bigger.
[Figure: DNS hierarchy - TLDs .cz, .com, .de, .nl with name servers (ns) for .cvut., .fel., .fjfi., .fs.cvut.cz, .hp., .ibm.; browsers issue recursing requests]
Most requests are resolved on the lowest level, but not all data are available there => recursing requests.
Remember: each nice Web page can contain several resolutions (references to icons/pictures/docs located somewhere in the Internet), and each of them must be resolved before the page can be seen!
What is the rate of DNS updates and the big volume of data it represents?
1-2 M updates/hour on root DNS; the 20 top ASes make 50% of updates (China, US, Spain); 97% of updates are from Windows machines
Wrong coordination between DHCP and DNS for private IP can create unwanted traffic and requests to the global DNS. This leakage is inappropriate from the traffic aspect and also from the security aspect.
REFERENCE: CAIDA papers: A. Broido, E. Nemeth, kc claffy, Spectroscopy of Private DNS Update Sources
A. Broido, H. Shang, M. Fomenkov, Y. Hyun, kc claffy, The Windows of Private DNS Updates
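A defender-side check for the leakage described above (an added example, not code from the CAIDA papers or the talk): it scans dynamic-update records and flags updates that leave the internal servers for a zone we do not serve, or that publish an RFC 1918 address to an external server. The log format, sample lines, local zone list and internal server address are constructed assumptions.

```python
"""Detect dynamic DNS updates that leak private-address data to the global DNS
(added example; the log format, sample lines, local zones and servers are
constructed assumptions, not data from the CAIDA papers or the talk)."""
import ipaddress
from collections import Counter

SAMPLE_LOG = """\
2007-02-22T10:01:05 src=10.0.0.12 dst=10.0.0.53 op=UPDATE zone=corp.example name=pc12.corp.example rdata=10.0.0.12
2007-02-22T10:01:07 src=10.0.0.12 dst=198.51.100.53 op=UPDATE zone=example name=pc12.example rdata=10.0.0.12
2007-02-22T10:01:09 src=192.168.1.7 dst=203.0.113.1 op=UPDATE zone=workgroup name=laptop7.workgroup rdata=192.168.1.7
2007-02-22T10:01:11 src=10.0.0.20 dst=198.51.100.53 op=QUERY name=www.example rdata=-
"""
LOCAL_ZONES = {"corp.example"}                      # zones served internally (assumed)
LOCAL_SERVERS = {ipaddress.ip_address("10.0.0.53")}  # internal DNS servers (assumed)

def parse_line(line):
    """'ts k=v k=v ...' -> dict; the timestamp is kept under 'ts'."""
    ts, _, rest = line.partition(" ")
    rec = dict(kv.split("=", 1) for kv in rest.split())
    rec["ts"] = ts
    return rec

def is_private_ip(text):
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False

def classify(rec):
    """Reason string if this record is a leaking update, else None."""
    if rec.get("op") != "UPDATE" or ipaddress.ip_address(rec["dst"]) in LOCAL_SERVERS:
        return None                      # not an update, or it stayed on our own servers
    reasons = []
    if rec.get("zone") not in LOCAL_ZONES:
        reasons.append(f"update for non-local zone '{rec.get('zone')}' sent to {rec['dst']}")
    if is_private_ip(rec.get("rdata", "")):
        reasons.append(f"publishes private address {rec['rdata']} externally")
    return "; ".join(reasons) or None

def find_leaks(log_text):
    """Return (list of (ts, src, reason), Counter of leaking source hosts)."""
    leaks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        reason = classify(rec)
        if reason:
            leaks.append((rec["ts"], rec["src"], reason))
    return leaks, Counter(src for _, src, _ in leaks)
```

Running find_leaks(SAMPLE_LOG) flags the two updates that went to external servers; the per-source counter is what you would feed back to the DHCP/DNS configuration owners of the leaking hosts.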
How will DNS react to machine-to-machine applications (crawlers, traffic reviewers, ...)?
How robust and scalable is it, and how sensitive to attacks and misconfigurations?
All these systems were designed for traffic loads that reflect the rate and complexity of human activities.
NSF FIND "Future Internet Design", started in 2005 as a reaction to existing problems
• Creating the Internet you want in 10-15 years
• The Internet which society TRUSTS
• Support pervasive computing (from PDA to supercomputing)
• Connecting devices and users with all types of communication channels, from wireless to optical light paths
• Enable and accept further developments and innovations
from Darleen Fisher and Guru Parulkar, NSF-CISE presentation
From: David Alderson, CALTECH, NSF FIND meeting, Dec. 2005
The situation is getting worse
Larry Peterson, Princeton University: A Strategy for Continually Reinventing the Internet (May 2005). Why now?
Many architectural proposals (look at the statistics of RFCs, papers, etc.); the research community is ready to make it real; enabling technology and infrastructure exist (NLR, PlanetLab, .. GN2, ..)
HOW? Two paths for change: incremental, or clean-slate (replace the Internet with a new architecture)
Many problems on the first path (many limits, hard to manage, vulnerability, hostile)
There are barriers to the second path: the Internet is ossified and cannot be replaced; inadequate validation of potential solutions
Testbed dilemma: production testbed = incremental change; experimental testbed = no real users!
Focus of FIND
On a reinvented Internet architecture and not on individual network technologies
Internet evolution influenced by the clean-slate approach
Alternate architecture(s) coexist with the current Internet
Virtualization becomes the norm, with a plurality of architectures
New services and applications enabled
Defined stages of research for 2007 and later
Architectures, as they emerge, will be made operational and tested
• Simulation
• Emulation
• Run on a large-scale GENI facility: experiments with new architectures at global scale
http://nile.wpi.edu/NS/
Peter A. Freeman, NSF VICE, Jan 2006
2007: Filling the gap (validate new architectures under realistic conditions, keep potential deployment in sight); work on existing experimental infrastructure: Emulab front-end to PlanetLab; experiments spanning some combination of Emulab + ORBIT + WAIL + PlanetLab; ViNI: Virtualized Network Infrastructure; PlanetLab slices on layer 2 networks (NLR + Abilene); Internet-in-a-Slice (Click + XORP)
2009: ?
[Figure: PlanetLab node as ingress, NLR as high-speed backbone, each architecture (service) runs in its own slice]
From "A Strategy for Continually Reinventing the Internet" (May 2005, Larry Peterson, Princeton University)
Source: GENI backbone working group
Distribution of load and functionality in hardware
Why virtual architectures?
You can separate the tasks into independent HW (computers), each responsible for part of the whole system.
The programs that have to control many different entities in real time with complex timing (often multiplicatively the same for different segments of huge systems) are rather complex.
Computers are more and more powerful, so they are ready to work in "pseudo parallel mode" and to accept some overhead. Application software becomes much simpler.
The reason is not only the distribution of the load but also the distribution of complexity.
The next step is to create more independent systems (virtual machines, VMs) on one physical computer. Each VM can run one or more programs. The complexity of writing and running an application is much lower than in the original design.
Generalized Packet Filters
• GPFs are the key to flexibility in this approach
– Extends the concept of "filters" normally found on routers
– A relatively small number of GPFs can be used as building blocks for a large number of applications
• Ideally, the database of GPFs precludes the writing of new code!
– Supports flexible classification, computation, and actions
– GPFs are executed in numeric order:
[Figure: L2 switching engine w/ARP -> packet filter 1 -> packet filter 2 -> ... -> packet filter n -> default filter -> L2 switching engine w/ARP]
Source: http://sahara.cs.berkeley.edu/jan2004-retreat/index.html, http://sahara.cs.berkeley.edu/jan2004-retreat/slides/tsai_routervm_1-9-04.ppt
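A minimal filter chain in the spirit of the GPF slide (an added example, not the Sahara RouterVM code): filters are tried in numeric order, a non-terminal action such as count/tag lets the packet continue, a terminal verdict ends the chain, and the default filter handles everything else. The filter database, verdict names and sample packets are constructed assumptions.

```python
"""A minimal Generalized Packet Filter chain (added example, not the Sahara
RouterVM code): filters run in numeric order, a terminal verdict ends the chain,
a non-terminal action passes the packet on, and the default filter decides the rest."""
from dataclasses import dataclass, field

@dataclass(order=True)
class GPF:
    number: int                            # execution order in the GPF database
    name: str = field(compare=False)
    match: object = field(compare=False)   # classify: packet -> bool
    action: object = field(compare=False)  # act: packet -> verdict str, or None to continue

def run_chain(filters, pkt, default=lambda p: "FORWARD"):
    """Return (verdict, trace) for one constructed packet dict."""
    trace = []
    for f in sorted(filters):
        if f.match(pkt):
            verdict = f.action(pkt)
            trace.append((f.number, f.name, verdict or "continue"))
            if verdict is not None:
                return verdict, trace
    trace.append((None, "default", default(pkt)))
    return default(pkt), trace

def count_tag(tag):
    """Non-terminal infer action: tag the packet and keep going down the chain."""
    def act(pkt):
        pkt.setdefault("tags", []).append(tag)
        return None
    return act

# Constructed filter database; the same building blocks serve several applications.
FILTERS = [
    GPF(10, "tag-http", lambda p: p["proto"] == "tcp" and p["dport"] == 80, count_tag("http")),
    GPF(20, "drop-private-src", lambda p: p["src"].startswith("10."), lambda p: "DROP"),
    GPF(30, "slow-big-udp", lambda p: p["proto"] == "udp" and p["len"] > 1400, lambda p: "ROUTE:slow-queue"),
    GPF(40, "balance-http", lambda p: "http" in p.get("tags", []), lambda p: "ROUTE:lb-pool"),
]

def sample_packets():
    """Constructed packets covering tag-then-route, drop, reroute and default."""
    return [
        {"src": "198.51.100.9", "dst": "203.0.113.7", "proto": "tcp", "dport": 80, "len": 600},
        {"src": "10.1.2.3", "dst": "203.0.113.7", "proto": "tcp", "dport": 80, "len": 600},
        {"src": "198.51.100.9", "dst": "203.0.113.7", "proto": "udp", "dport": 53, "len": 1500},
        {"src": "198.51.100.9", "dst": "203.0.113.7", "proto": "tcp", "dport": 22, "len": 100},
    ]
```

Calling run_chain(FILTERS, p) for each sample packet shows the ordering effect: the first HTTP packet is tagged by filter 10 and then routed by filter 40, while the second one is tagged and still dropped by filter 20 before filter 40 ever runs.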
Classify-Infer-Act
• A server and router in "one"
– Tight integration between packet processing and routing
– High bandwidth (routers) and computation (servers)
[Table: Classify (IP, TCP, HTTP, iSCSI, FCIP, MPLS, Ethernet, ATM, ...?) / Infer (intrusion detect, NAT, store/retrieve state, TCP/IP lookup, checksum, count/tag, ...?) / Act (error detect, drop, route, load balance, replace fields, resize packet, encrypt, forward, compress, ...?)]
[Figure: "Slicing" the shared IP layer in the horizontal level: edge nodes (based on PNE?) and router nodes RN1-RN5 in the core network, domains X and Z; different application packets belong to groups/classes of applications "Y" (voice), "P" (video), "G" (interactive gaming), "B" (data), carried in L3 sub-layers 1-4 with different L2 allocation (λ1-λ4) between RNs and different routing for each L3 sub-layer. RN = router node]
Questions: Who can create the application layer? *jn*
JVM, isolates etc. http://java.sun.com/developer/technicalArticles/Programming/mvm/
Sun's Multi-tasking Virtual Machine runs several Java applications, called isolates.
A standard Java Virtual Machine is a multi-thread-enabled but mono-application environment.
The overlay is the single application that runs in the JVM, but it allows several pseudo-applications to run concurrently on top of it.
Multi-user Java Environment.
[Figure: Open Service Gateway, multiservice, multiuser: Internet, last mile, gateway operator, service providers (VOD, HDTV, IPTV)]
The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway). The core gateway runs services accessible to all users. However, contrary to Unix root users, the core gateway does not have access to service gateways' data, files, etc., since these would belong to different, potentially competing companies. Source: MUSE - INRIA
More details: http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf
Xen 3.0 Architecture
[Figure: Xen Virtual Machine Monitor (event channel, virtual MMU, virtual CPU, control IF, safe HW IF) on hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE; x86_32, x86_64, IA64, VT-x, AGP, ACPI, PCI). VM0: Device Manager & Control s/w, GuestOS (XenLinux), native device drivers, back-end drivers. VM1 and VM2: GuestOS (XenLinux) with front-end device drivers and unmodified user software. VM3: unmodified GuestOS (WinXP) with unmodified user software.]
http://www.planet-lab.org
Node/Slice in PlanetLab
VS - Virtual server: an independent OS (Linux, BSD) running on a VM, with its own administration including root, its own file system and computation capability
Slice: a set of VSs on different VMs
On each node more users (slices) can run. Each of them runs in its own virtual system. One user can run more applications (App1, App2, App3).
[Figure: nodes N1-N10; SLICE A1 (N3,N1,N2,N3,N4,N5,N6,N7,N8,N9), SLICE A2 (N1,N5,N6,N4,N8), SLICE A3 (N1,N2,N7,N10), SLICE A4 (N3,N6,N5,N4)]
What is emulation? The ability to mimic another machine on your computer. You can run the same programs that you would run on whatever the other machine is.
http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf
Thank you for your attention