UCCS CS 622 - I3 and Active Networks

This preview shows page 1-2-15-16-17-32-33 out of 33 pages.

I3 and Active Networks
What is i3?
Communication Abstraction
Service Model
What Does i3 Support?
Mobility
Slide 7
Multicast
Anycast
Anycast (cont’d)
Service Composition
Security
Design Principles
1) Hide IP Address
2) Enable End-hosts to Defend
Example: Avoid Collateral Damage
Why Active Networks?
Active Networks
Why not IP?
Variations on Active Networks
Case Study: MIT ANTS System
System Components
Capsules
Slide 24
Slide 25
Slide 26
Research Questions
Functions Provided by Capsule
Safety, Resource Mgt, Support
Performance
Slide 31
Applications/Protocols
Discussion

I3 and Active Networks
Supplemental slides
Aditya Akella
03/23/2007

What is i3?
• A highly efficient name-based routing scheme implemented as an overlay network
[Figure: overlay of i3 nodes on top of IP routers]

Communication Abstraction
• Each packet is associated with an identifier id
• To receive a packet with identifier id, receiver R maintains a trigger (id, R) in the overlay network
[Figure: Sender calls send(id, data); the trigger (id, R) in the overlay forwards send(R, data) to Receiver (R)]

Service Model
• API
  – sendPacket(p);
  – insertTrigger(t);
  – removeTrigger(t) // optional
• Best-effort service model (like IP)
• Triggers are periodically refreshed by end-hosts
• Reliability, congestion control, and flow control implemented at end-hosts

What Does i3 Support?
• Mobility
• Multicast
• Anycast
• Service composition

Mobility
• Host just needs to update its trigger as it moves from one subnet to another
[Figure: Sender calls send(id, data); trigger (id, R1) forwards send(R1, data) to Receiver (R1)]

Mobility
• Host just needs to update its trigger as it moves from one subnet to another
[Figure: Sender calls send(id, data); trigger (id, R2) forwards send(R2, data) to Receiver (R2)]

Multicast
• Unifies multicast and unicast abstractions
  – Multicast: receivers insert triggers with the same identifier
• An application can dynamically switch between multicast and unicast
[Figure: Sender calls send(id, data); triggers (id, R1) and (id, R2) forward send(R1, data) to Receiver (R1) and send(R2, data) to Receiver (R2)]

Anycast
• Generalize the matching scheme used to forward a packet
  – Until now we assumed exact matching
• Next, we assume:
  – Longest prefix matching (LPM) using a prefix larger than a predefined constant l to avoid collisions
• In the current implementation: ID length, m = 256, l = 128

Anycast (cont’d)
• Anycast is simply a byproduct of the new matching scheme, e.g.,
  – Each receiver Ri in the anycast group inserts IDs with the same prefix p and a different suffix si
[Figure: triggers (p|s1, R1), (p|s2, R2), (p|s3, R3); Sender calls send(p|a, data); the overlay delivers send(R1, data) to Receiver (R1)]

Service Composition
• Use a stack of IDs to encode the succession of operations to be performed on data
• Advantages
  – Don’t need to configure path
  – Load balancing and robustness easy to achieve
[Figure: Sender (MPEG) calls send((id_MPEG/JPEG, id), data); trigger (id_MPEG/JPEG, S_MPEG/JPEG) delivers to S_MPEG/JPEG, which calls send(id, data); trigger (id, R) forwards send(R, data) to Receiver R (JPEG)]

Security
• Develop a complete solution to protect against IP-level denial of service attacks
• Show that a communication infrastructure can provide both more functionality and security than the Internet

Design Principles
1) Hide IP address
2) Give end-hosts the ability to stop the attack in the infrastructure
3) Make sure that the proposed solution does not introduce new security vulnerabilities

1) Hide IP Address
• Enable end-hosts to communicate without revealing their IP address
  – Otherwise, hosts are vulnerable to IP-level flooding attacks
• i3 trivially implements this principle, as data is exchanged via IDs, not IP addresses
[Figure: Sender calls send(id, data); the trigger (id, R) in the overlay forwards send(R, data) to Receiver (R)]

2) Enable End-hosts to Defend
• In general, end-hosts are in the best position to detect when they are under attack
  – E.g., flash-crowd vs. DoS, SYN attack
• Once an end-host detects an attack, it should be able to stop/redirect the offending traffic before it arrives at its inbound connection
• With i3, end-hosts can
  – Stop traffic by removing the trigger under attack
  – Route around a region of i3 under attack by moving triggers around
  – Implement access control for multicast

Example: Avoid Collateral Damage
• Two services share the same connection to the Internet
• If one service is under attack, the user can save the other one (not possible in the Internet)
[Figure labels: idATM, S1, Web server (S2), Customer (C), idWEB, S, Attacker (A), ATM server (S1), Bank Company]

Why Active Networks?
• Traditional networks route packets looking only at destination
  – Also, maybe source fields (e.g. multicast)
• Problem
  – Rate of deployment of new protocols and applications is too slow
• Solution
  – Allow computation in routers to support new protocol deployment

Active Networks
• Nodes (routers) receive packets:
  – Perform computation based on their internal state and control information carried in packet
  – Forward zero or more packets to end points depending on result of the computation
• Users and apps can control behavior of the routers
• End result: network services richer than those by the simple IP service model

Why not IP?
• Applications that do more than IP forwarding
  – Firewalls
  – Web proxies and caches
  – Transcoding services
  – Nomadic routers (mobile IP)
  – Transport gateways (snoop)
  – Reliable multicast (lightweight multicast, PGM)
  – Online auctions
  – Sensor data mixing and fusion
• Active networks make such applications easy to develop and deploy

Variations on Active Networks
• Programmable routers
  – More flexible than current configuration mechanism
  – For use by administrators or privileged users
• Active control
  – Forwarding code remains the same
  – Useful for management/signaling/measurement of traffic
• “Active networks”
  – Computation occurring at the network (IP) layer of the protocol stack → capsule based approach
  – Programming can be done by any user
  – Source of most active debate

Case Study: MIT ANTS System
• Conventional Networks:
  – All routers perform same computation
• Active Networks:
  – Routers have same runtime system
• Tradeoffs between functionality, performance and security

System Components
• Capsules
• Active Nodes:
  – Execute capsules of protocol and maintain protocol state
  – Provide capsule execution API and safety using OS/language techniques
• Code Distribution Mechanism
  – Ensure capsule processing routines automatically/dynamically transfer to node as needed

Capsules
• Each user/flow programs router to handle its own packets
  – Code sent along with packets
  – Code sent by reference
• Protocol:
  – Capsules that share the same processing code
• May share state in the network
• Capsule ID is MD5 of code

Capsules
[Figure labels: Active Node, IP Router, Active Node; Capsule, Capsule; IP Header, Version, Data, Type, Previous Address, Type Dependent Header Files; ANTS-specific header]
• Capsules are forwarded past normal IP
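
The i3 slides above describe trigger matching (exact match, multicast through a shared ID, anycast through longest prefix matching) and the defense of removing a trigger under attack. The following is an added example, not code from the deck or from the i3 project: a toy single-node trigger table in Python. The class, function and receiver names, the hashed sample IDs and the reading of the threshold as "at least l shared bits" are assumptions; m = 256 and l = 128 are the values the slides give.

```python
import hashlib
from collections import defaultdict

M, L = 256, 128  # ID length m and minimum matching prefix l, as given on the slides

def make_id(prefix: str, suffix: str = "") -> int:
    """Constructed helper: m-bit ID = hash(prefix) (l bits) | hash(suffix) (m - l bits)."""
    h = lambda s: int.from_bytes(hashlib.sha256(s.encode()).digest()[:16], "big")
    return (h(prefix) << (M - L)) | h(suffix)

def common_prefix_len(a: int, b: int) -> int:
    """Number of leading bits that two m-bit IDs share."""
    return M - (a ^ b).bit_length()

class I3Node:
    """Toy single-node overlay: trigger table mapping ID -> receiver addresses."""
    def __init__(self):
        self.triggers = defaultdict(set)

    def insert_trigger(self, tid: int, addr: str) -> None:
        self.triggers[tid].add(addr)  # same ID from several receivers = multicast

    def remove_trigger(self, tid: int, addr: str) -> None:
        self.triggers[tid].discard(addr)
        if not self.triggers[tid]:
            del self.triggers[tid]

    def send_packet(self, pid: int, data: bytes) -> list:
        """Best effort: deliveries for the longest-prefix match, [] if none shares l bits."""
        best, best_len = None, L - 1
        for tid in self.triggers:
            n = common_prefix_len(pid, tid)
            if n > best_len:  # assumption: at least l shared bits, longest match wins
                best, best_len = tid, n
        return sorted((a, data) for a in self.triggers[best]) if best is not None else []

def collateral_damage_demo():
    """Two services behind one link; the one under attack drops its trigger."""
    node = I3Node()
    id_atm, id_web = make_id("bank-atm"), make_id("bank-web")  # constructed IDs
    node.insert_trigger(id_atm, "S1")
    node.insert_trigger(id_web, "S2")
    before = node.send_packet(id_web, b"flood")
    node.remove_trigger(id_web, "S2")  # end-host stops the attack inside the overlay
    after = node.send_packet(id_web, b"flood")
    return before, after, node.send_packet(id_atm, b"withdraw")
```

Because senders only ever name an ID, removing the trigger makes the overlay drop the flood before it reaches the shared access link, while the other service's trigger keeps delivering.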

