SAHARA and OASIS Overviews
NTT MCL Visit
November 6, 2003

Randy H. Katz
Computer Science Division
Electrical Engineering and Computer Science Department
University of California, Berkeley
Berkeley, CA 94720-1776


Presentation Outline

1000-1030 Overview of Sahara and Oasis Projects, Randy

1030-1050 Authenticated Roaming in Hot Spot Networks, Ana

1050-1110 BGP Health Monitoring, Matt

1110-1130 RouteVM: A Framework for Programming Programmable Network Elements, Mel

1130-1145 Programmable Network Testbed, George

1145-1200 iSCSI Performance Experiments, Li

The SAHARA Project

• Service
• Architecture for
• Heterogeneous
• Access,
• Resources, and
• Applications

New Opportunity: Services-Enabled Network

• New things you can do inside the network
• Connecting end-points to “services” with processing embedded in the network fabric
• “Agents” not protocols, executing inside the network
• Location-aware, data format aware
• Controlled violation of layering
• Distributed architecture aware of network topology
• No single technical architecture likely to dominate: interworking plus overlays

SAHARA “Elevator” Statement

• Problem
  – Achieving end-to-end services with desirable, predictable, enforceable properties spanning potentially distrusting service providers
• Approach
  – Service composition and inter-operation across separate admin domains, supporting peering and brokering, and diverse business, value-exchange, access-control models
• Current Focus
  – Interdomain routing, overlay networks, p2p algorithms
  – Interoperator WLAN roaming and authentication
• Potential Impact
  – Effective way to more rapidly extend and deploy enhanced network functionality

Layered Reference Model for Service Composition

[Figure: layered stack. Layers as listed on the slide:]
• IP Network
• Enhanced Links (Intra-domain)
• Enhanced Paths (Inter-domain)
• End-to-End Network With Desirable Properties
• Middleware Services
• Applications Services
• End-User Applications

[Side labels: Connectivity Plane; Application Plane; Service Composition; Overlay Network “Links”]

Routing as a Composed Service

• Routing as a Reachability “Service”
  – Paths between composed service instances--“links” within an overlay network
  – Multi-provider environment, no centralized control
• Desirable Enhanced Properties
  – Context Awareness: discovery/exploitation of net relationships
  – Agility: converge quickly in response to global changes to retain good reachability “performance”
  – Trust: verify believability of routing advertisements
  – Performance: “guaranteed” bandwidth and latency
  – Reliability: detect service composition path failures quickly to enable fast recomposition to maintain E2E service
  – Scalability and Interoperability: Adapt protocols via processing between admin domains

Recent Progress

• Inter-WLAN Roaming and Authentication (Ana)
• BGP Control Plane
• Verifiable BGP: Listen and Whisper
• Root Cause Analysis of Routing Failures (Matt)
• Detection of Shared Points of Congestion
• Etiquette for Overlay Networks
• Fast Recovery for P2P Networks

The OASIS Project

• Overlays and
• Active
• Services for
• Internetworked
• Storage

New Opportunity: “The NETWORK is the Computer”

• Rise of Programmable Network Elements
  – First Gen Network Appliances, Directors
  – Storage Virtualizers, Intrusion Detectors, Traffic Shapers, Server Load Balancers, MIE accountants
  – Next Gen: Third Party Programmable beyond rules
• Needed: Generalized PNE programming and control model
  – Generalized “virtual machine” model for this class of devices
  – Retargetable for different underlying implementations
• Applications of Interest
  – Network Services: L7 switching, firewalls, intrusion and infected machine detection, storage virtualization, network monitoring and management, etc.
  – Particular focus: network storage, iSCSI support

Proliferation of Network Appliances

In-the-Network Processing: the NETWORK is the Computer

• F5 Networks BIG-IP LoadBalancer: Web server load balancer
• Packeteer PacketShaper: Traffic monitor and shaper
• Ingrian i225: SSL offload appliance
• Network Appliance NetCache: Localized content delivery platform
• Nortel Alteon Switched Firewall: CheckPoint firewall and L7 switch
• Cisco IDS 4250-XL: Intrusion detection system
• Cisco SN 5420: IP-SAN storage gateway
• Extreme Networks SummitPx1: L2-L7 application switch
• NetScreen 500: Firewall and VPN

OASIS “Elevator” Statement

• Problem
  – Common programming/control environment for diverse network elements to realize full power of “inside the network” services and applications
• Approach
  – Software toolkit and VM architecture for PNEs, with retargetable optimized backend for diverse appliance-specific architectures
• Current Focus
  – Network health monitoring, protocol interworking and packet translation services, iSCSI processing and performance enhancement, intrusion and worm detection and quarantining
• Potential Impact
  – Open framework for multi-platform appliances, enabling third party service development
  – Provable application properties and invariants; avoidance of configuration and “latest patch not installed” errors

Generic PNE Architecture

[Figure: block diagram. Labels: Input Ports; Output Ports; Interconnection Fabric; Buffers; Tag Mem; CP and AP blocks; Classification Processor; Action Processor; Rules & Programs]

OASIS Testbed

• Current Testbed
  – Alteon Filter Programmable Level 7 Switches
    » Next generation significantly more third party programmable
  – 2 x Enterprise Class Routers
  – (Many) pizza box PCs
• In discussion
  – Nortel + IBM on Blade Center Storage Servers for UDCs
  – Cisco IOS Next Generation (ION) Programmable Packet Filters

Recent Progress

• RouteVM PNE Specification (Mel)
• Oasis Testbed Development (George)
• iSCSI Storage Experiments (Li)
• Intrusion Detection Case Study

Reliable Adaptive Distributed Systems

Fox, Jordan, Katz, Necula, Patterson, Stoica, Tygar

[Figure: system diagram. Labels: Client; Server; Distributed Middleware; SLT Services; Edge Network; PNE; Router; Internet IP Network; Commodity Internet; Application-Specific Overlay Network; Operator; User; Observation & Control Points. Callouts: “Reactive Systems”: Observe, Classify, Learn, Act; Programming Abstractions For Roll-back; Crash-Oriented Svrcs; Observation Infrastructure for System SLT; Verifiable Protocols, Fast Detection & Route Recovery; Observation Infrastructure for network SLT]


SAHARA and OASIS

Randy H. Katz

Thank You!