Integrating Active Networking and Commercial-Grade Routing Platforms
The University of Maryland
Rob Jaeger ([email protected])
J.K. Hollingsworth
Bobby Bhattacharjee

The Network Paradigm Spectrum
Traditional Networks
- end-to-end connectivity
- well defined protocols
- increasingly perform forwarding in hardware
Active Networks
- on-the-fly service introduction
- per-flow granularity possible
- inject software in data path
?

Objectives
• Implement flow performance enhancement mechanisms without introducing software into data forwarding path
— Service defined packet processing in a silicon-based forwarding engine
— Policy-based Dynamic packet classifier
• Create OPEN platform for introduction of new services
— Specify OPEN interfaces for Java applications to control a generic, platform-neutral forwarding plane
— Enable downloading of services to network node
— Allow object sharing and inter-service communication

Accomplishments
— JVM on a Silicon-Based Routing Switch
— ORE - Oplet Run-time Environment
– Java-enabled platform for secure downloading and safe execution of services
– Ensures required services are installed for a downloaded Oplet
— Java SNMP API (proxy mode for non Java devices)
— Implementation of Network Forwarding API (JFWD)
— RESULT: Dynamic Classification in Silicon-Based forwarding engine on a Gigabit Routing Switch

Oplet Runtime Environment Overview
• A platform to dynamically deploy services on network elements
• Desirable properties
— Portable to many different devices
— Secure, reliable
— Low impact on device performance
— Open
— Provide a framework to structure code
– Reusable, maintainable, robust
• Implemented in Java

Basic Concepts
• Oplet Runtime Environment (ORE)
— A kernel that manages the life cycle of oplets and services
— Provides a registry of services
• Services
— The value being added. Minimal constraints
— Represented as a Java interface
• Oplets
— The unit of deployment: a JAR file
— Contains meta-data (e.g. signatures, dependency declarations)
— Contains services and other resources (data files, images, properties, JAR files)

Architecture
[Diagram labels: Java Virtual Machine, API Extensions, Oplet Runtime Environment, Oplets, Services]

Oplet Lifecycle
• Install
— Loaded from URL
• Start
— Services that are depended on must already be started
• Stop
— Any oplets that depend on this oplet's services will be stopped
— Code and data can be unloaded from ORE
• Uninstall

Dependencies
• A service S can use facilities provided by another service T
• This means that the oplet containing S has a dependency on service T
• Before an oplet can be started, all of its dependent services must have been started
• ORE manages dependencies and lifecycle of oplets and services

Some services
• Bootstrap (ORE start time) - basic configuration
• Log - Centralized logging for oplets
• HTTP server
— Simple servlet support
• Command line shell
— service depends on shell to register commands
• Administration commands
— Manage oplets and services
• Access to router resource including hardware instrumentation via JMIB

Security Issues
• Sandbox
— Each oplet provides a Java name space and applet-like sandbox
• Signed oplets
— Oplets can be signed for assigning trust
• Denial of service
— Vulnerable to DoS (memory, cycle, bandwidth, persistent storage, monitors) like all Java applications
— Resource management is a problem

ORE Status
• Done now
— Runs on several Nortel routing products
— Runs on workstations
— First release of ORE SDK complete
— JMIB monitor/control system through MIBs
— JFWD

Future ORE work
• Capabilities
— Revocable services
• Security
— Java 2 style permissions to perform operations
• Resource limits, DoS protection
— Probably requires support from JVM
• Jini, Oplet Directory - locate and load services
• Agents/Services
• Open source

Open Device Architecture
[Diagram labels: Device HW, Operating System, JVM, ORE, ORE Service, C/C++ API, Java API, Device Code, Device Drivers, JNI, JFWD API, Download Oplet]

Silicon-based Forwarding Engines
[Diagram labels: Switching Fabric, CPU, Control Plane, Wire Speed Forwarding, Forwarding Processors (each with Forwarding Rules and Statistics & Monitors)]

Dynamic Configuration of Forwarding Rules
[Diagram labels: CPU, Forwarding Processors, Forwarding Rules, Dynamic Policy, SW, HW]

CarbonCopy Capability
[Diagram labels: CPU, Forwarding Processors]

Dynamic Packet Configuration
[Diagram labels: Forwarding Processors, Packet, Policy, Filters, Packet Filter, DSC Service]

Dynamic Classification
• Identify real-time flows (e.g. packet signature/flowId)
1. Use CarbonCopy filters to deliver multimedia control protocols to control plane
– e.g. SIP, H.323, RTSP
– Determine dynamically assigned ports from control msgs
2. Use CarbonCopy filters to sample a number of packets from the physical port and identify RTP packets/signature
• Set a packet processing filter for packet signature to:
— adjust DS-byte OR
— adjust priority queue

JFWD 5-tuple Filtering
• copy the packet to the control plane
• don't forward the packet
• set TOS field
• set VLAN priority
• adjust priority queue
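
An added example, not part of the presentation and not the JFWD API, that models the filter actions listed above together with the dynamic classification steps from the previous slide. All class and method names, the first-match-wins ordering, the RTSP port 554 rule and the addresses and ports of the constructed sample packets are assumptions.

```java
import java.util.*;

// Hypothetical model of 5-tuple filtering and dynamic classification; not the JFWD API.
public class FiveTupleFilterDemo {
    enum Action { COPY_TO_CONTROL_PLANE, DROP, SET_TOS, SET_VLAN_PRIORITY, SET_PRIORITY_QUEUE }

    record Packet(String srcIp, String dstIp, int proto, int srcPort, int dstPort) {}

    // null or -1 fields are wildcards; arg carries the TOS, VLAN priority or queue number.
    record Filter(String srcIp, String dstIp, int proto, int srcPort, int dstPort,
                  Action action, int arg) {
        boolean matches(Packet p) {
            return (srcIp == null || srcIp.equals(p.srcIp()))
                && (dstIp == null || dstIp.equals(p.dstIp()))
                && (proto < 0 || proto == p.proto())
                && (srcPort < 0 || srcPort == p.srcPort())
                && (dstPort < 0 || dstPort == p.dstPort());
        }
    }

    static final int UDP = 17, TCP = 6;
    final List<Filter> rules = new ArrayList<>();   // first match wins (an assumption)

    Optional<Filter> classify(Packet p) {
        return rules.stream().filter(f -> f.matches(p)).findFirst();
    }

    // Control-plane step: a copied control message revealed the media port,
    // so a specific marking rule is installed ahead of the broad copy rules.
    void onMediaPortLearned(String dstIp, int rtpPort, int dsByte) {
        rules.add(0, new Filter(null, dstIp, UDP, -1, rtpPort, Action.SET_TOS, dsByte));
    }

    public static void main(String[] args) {
        FiveTupleFilterDemo fwd = new FiveTupleFilterDemo();
        // Step 1: copy RTSP control traffic (TCP port 554) to the control plane.
        fwd.rules.add(new Filter(null, null, TCP, -1, 554, Action.COPY_TO_CONTROL_PLANE, 0));
        // Constructed sample traffic using documentation addresses.
        Packet control = new Packet("192.0.2.10", "198.51.100.5", TCP, 40000, 554);
        Packet media = new Packet("198.51.100.5", "192.0.2.10", UDP, 6970, 5004);
        System.out.println(fwd.classify(control).map(Filter::action));
        System.out.println(fwd.classify(media).map(Filter::action));   // no rule yet
        // Step 2: the negotiated port is known, so mark the flow (DS byte 0xB8 is DSCP EF).
        fwd.onMediaPortLearned("192.0.2.10", 5004, 0xB8);
        System.out.println(fwd.classify(media).map(f -> f.action() + " " + f.arg()));
    }
}
```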

ANTS on Gigabit Router
Demo - 1

ANTS Demo Configuration
• RoutingSwitch loads boot image from TFTP server
• RoutingSwitch dynamically loads Oplets from the Class Server
• Laptop 1 originates the ping
• Router gets Ping code from Laptop 1.
• Router “evaluates” ping
• Ping forwarded to Laptop2
• Laptop 2 requests code
• Laptop 2 performs ping reply
[Diagram labels: ORE Services (1. Class Server, 2. TFTP Server), Laptop 1, Laptop 2, Java-enabled Routing Switch]

ANTS Demo
[Diagram labels: Laptop 1 (AN Ping), Laptop 2 (AN Ping), ORE Services, Java-enabled Routing Switch (AN Ping), Demo 1]

ANTS Demo
[Diagram labels: AN_Ping Application, ANTS EE, ANTS EE Service, JVM, ORE, WIN-95, Routing Switch, DLBootstrap Capsule, Ping Capsule, DLRequest Capsule, DLResponse Capsule]

ANTS Demo
• Java application running on the router
• ORE facilitates downloading services
• Interoperable with ANTS Distribution
• Minimum changes to make it conform to ORE service specification

Dynamic Filtering & Configuring
Demo - 2

Dynamic - On the Fly Configuration
[Diagram labels: Forwarding Processors, Packet, Policy, Filters, AN Apps, Packet Filter, Demo 2]

Dynamic - On the Fly Configuration
• From a downloadable Java application, we can modify the behavior of the ASICs

Active Networks Packets Interception
Demo - 3

Active Networks Packet Capture
[Diagram labels: CPU, Forwarding Processors, AN Apps, JFWD to Divert or Copy, Wire Speed, Packet, Demo 3]

Packet Divert
• Active Network topology is unknown
• ANEP packets NOT addressed to this node are delivered to the control plane for processing
• ANEP daemon receives packets and delivers them to the appropriate EE based on TypeID
[Diagram labels: ASIC, Filter, ANEP packet, ANEP, Execution Environments, Applications]

Active Networks Packet Capture
• Be able to get the packets from the forwarding plane to the control plane
• Process Active Networks packets in the control plane

Experimental Setup
[Diagram labels: Source 1 tcp_send(), Source 2 tcp_send(), Destination (1. tcp_recv(), 2. tcp_recv()), Accelar 1100B Routing Switch, 100 Mbps links]

[Figure: throughput in Mbps (0 to 100) against time in seconds (0 to 10) for the Low Priority and High Priority flows, with the events Start 2nd Flow, Change Priority and End 2nd Flow marked]

Summary
• Developed the ORE for downloading and safely running services onto network devices
• Without introducing software into data path we performed Dynamic Classification of flows in a Silicon-Based Gigabit Routing Switch
— Introduced a new service to a Gigabit Routing Switch
— Identified real-time flows
— Performed policy-based flow behavior classification
— Adjusted DS-byte value
— Showed that flow performance can be improved
For more info email: rf [email protected]