Prepared for Prof. Javed I. Khan
Department of Computer Science, Kent State University
Date: November 2001
Abstract: A new way of thinking about the role of network packets must invoked. Active packet produces such mindset where network packet will decide on their fate. Active packets can invoke a program at its destination in the physical layer. This invocation will balance the processing of the transfer data between routers and host machines(computes)
New applications continue to emerge rapidly and often benefit from new network services that better accommodate their modes of use. Active Network recoups network services from the underlying hardware and by allowing new services to be demand loaded into the infrastructure [TGSK96]. Implementing them at nodes interior to the network or at the network layer often offers better functionality and performance. Active network permit applications to support faster service innovation by making it easier to deploy new network services which has a potential impact of active network services on application and how such services can be built and how such service can be built and deployed [WeLG98]. Also, Active networking allows customized packet processing inside the network on a per-packet, per-flow, or per-service basis [HiMA99].
From the management perspective, active networking
technology facilitates rapid service deployment and flexible service management
in which dynamically generating fast path programs that streamline the
execution of the most common packets. Active networks will leverage middleware
services that support the coordination of network management functions,
such as the installation of new software and hardware, load balancing,
fault tolerance, accounting and auditing, [TGSK96].
Furthermore, users can "program" the network, by supplying their own programs to perform computations according to their need. Active networks will allow users to deploy new services by tailoring components of the shared infrastructure to suit their requirements. For example, users could request that a router execute an application-specific compression algorithm during the processing of their packets [TGSK96]
The projects, which we will discuss in this survey, are:
The Smart Packets architecture consists of four parts:
1-A specification for smart packet formats and their encapsulation into some network data delivery service.
2-The specification of a high-level language, its assembly language, and a compressed encoding representing that portion of a smart packet that gets executed.
3-A virtual machine resident in each networking element to provide a context for executing the program within the smart packet, and
4-A security architecture.
Users inject programs contained in messages into an active network. Routers along the network receive these messages, execute the programs within, and (possibly) return values or forward the messages along to other routers [SJS+00]. The program seeks to increase user and application control over how packets are handled, and to increase the flexibility of computer networks and the ability to upgrade them.
Packets has a few requirements:
User-written network management and monitoring programs generate smart packets—encapsulated in Active Network Encapsulation Protocol (ANEP) [Alexander et al. 1997] frames—and give them to the ANEP Daemon process. The ANEP Daemon process has two responsibilities:
Figure 1. IP and ANEP encapsulation
A smart packet consists of a Smart Packets header followed by payload. The smart packet is encapsulated within an ANEP packet, which, in turn, is carried within IPv4, IPv6, or, in some Active Networks tests bed situations, UDP. For a smart packet, however, the router must process the contents of the datagram before forwarding it. As a further complication, the router should examine the contents of the datagram only if the router supports Smart Packets. Otherwise, the router should pass the datagram through by modifying an IP option
Smart packets contain either a program, resulting data, or messages wrapped within a common Smart Packets header and encapsulated within ANEP. The Program Packet carries the code to be executed at the appropriate hosts. The Data Packet carries the results of the execution back to the originating network management program. The Message Packet carries informational messages rather than executable code. Error Packets return error conditions if the transport of a Program Packet or the execution of its code encounters exceptions. Only Program Packets use the IP Router Alert option.
When a Program Packet arrives at a router, the daemon authenticates the identity of the sender, verifies the data origin and data integrity, and checks if the sender is authorized to run the smart packet’s program. Then an instance of the virtual machine is instantiated, and the code within the packet is executed.
As part of the security architecture, the virtual machine is made aware of resource limits such as maximum number of instructions to be executed, and how much memory can be used, and privileges such as whether access to MIB sets is allowed.
The primary component of each packet is its chunk (short for code hunk), which consists of code, a function name to serve as an entry point, and values to serve as bindings for the arguments of the entry function.The other components are the destination address, the global resource bound (a counter), the routing function, the source address, and the function for error handling.
Figure 2. An example of PLAN packet journey (traceroute packet).
A host application constructs a PLAN packet and injects it into the active network via a port connected to the local PLAN interpreter. This injection port is used by PLAN to provide output to the application, and allows the application to create new packets. Once a packet is created, it is sent to its destination for evaluation. If the destination is many hops away, so intermediate nodes need a way to determine the ‘next hop.’ This is done using the packet’s routing function field, which names a service function that takes the destination as an argument and returns the next hop towards that destination. At each hop, the resource bound field is decremented by one; if the resource bound is exhausted, the packet is terminated.
Specific components of PLAN:
The PLAN programming environment is used to build an active internetwork, PLANet. PLANet’s basic protocols are based on ones used in IP, but with a key difference: all packets are PLAN programs. In PLANet, distributed protocols used to maintain the network, such as routing and address resolution protocols, are implemented as a combination of PLAN programs and services [HKM+98].
PLAN is implementation
When choosing an, we had several specific requirements. First, to make the claim that the network is programmable,
The implementation language for PLAN must be
2-Easily portable, and
The authors chose OCaml [Caml] and the Pizza [Pizz] extension to Java [GoJG96].
Each capsule consists of the following:
Capsules are like mobile agents in that they direct themselves through the network by using a custom forwarding routine. The type of forwarding is indicated by the value of the type field and is selected by end-user software when it injects a capsule into the network. The corresponding forwarding routine is transferred using mobile code techniques to active nodes that the capsule visits as it passes through the network. The routine is executed at each active node that is encountered along the forwarding
Path. At conventional nodes, IP forwarding occurs using the IP header fields.
ANTS do not restrict who can program which nodes. Instead, ANTS aims to allow each user to construct new data transfer services across the wide-area, such as routing for host mobility, by controlling the handling of their own packets. Within the network. This is analogous to extensible operating system approaches that aim to offer entrusted applications as much control over the way system resources are managed as possible while still being able to protect the underlying resources and arbitrate between competing demands. ANTS is based on an aggressive “capsule” approach in which code is associated with packets and run at selected IP routers that are extensible. We sketch its design in the following [Weth99]:
Figure 3. ANTS entities
The entities in an ANTS network are shown in Figure 3. Applications obtain customized network services by sending and receiving special types of packets called capsules via a programmable router referred to as an active node. Each active node is connected to its neighbors, some of who can be conventional IP routers, by link layer channels. The innovative properties of an ANTS network stem from the interaction of capsules and active nodes; the application and channel components are simply modeled on those of conventional networks.
The first step is to write a new set of forwarding routines that implement the desired behavior. This is done in a subset of Java in our reference implementation, the ANTS toolkit. Each different forwarding routine corresponds to a different type of capsule and can carry different header fields. The kinds of forwarding routines that can be constructed depend on the capabilities of the active node; routines are further restricted in the amounts of node resources they can consume.
It provides three categories of calls that: query the node environment; manipulate a soft-store of service-defined objects that are cached for a short time and then expired; and route capsules towards other nodes or applications in terms of shortest paths. Once the code is written, it is signed by a trusted authority (an IETF-equivalent) to certify that the service makes use of overall network resources in a “reasonable” fashion. Finally, the code is registered with a directory service using a human-readable name to make it available to other network users.
The general flow of the packets through an active node is shown in figure 2. When
Figure 4: Packet flow through an active node.
When a packet is received on a physical link, it is first classified based on information in the packet (i.e. headers); this classification deter-mines the input channel —including protocol processing— to which the packet is directed. Classification of incoming packets is controlled by patterns specified by the EEs.
After input channel processing the packet is handed off to the EE that requested creation of the channel.
It is the responsibility of the NOS and security engine to ensure that the requesting principal is permitted access to the set of packets implied by the pattern associated with a channel creation request. Incoming packets that match no pattern are dropped.
On the output side, EEs transmit packets by submitting them to output channels, which include protocol processing as well as output scheduling. Thus, the general progression is link input, classification, input protocol processing, EE/AA processing, output protocol processing, scheduling, and link transmission. Each transmitted packet corresponds to some received packet; EEs may aggregate or generate them spontaneously [Calv99].
The Active Network Encapsulation Protocol also provides a vehicle for other communications with the NOS, including:
Safety: We define the safety of an active packet system as the degree to which it protects the overall network from attack or misuse, whether deliberate or accidental. We contend that an active packet system should strive to provide at least the level of safety of IP. Failure to do so would be a very sizeable barrier to deployment in the Internet. Ideally, an active packet system should provide an even higher level of safety than IP.
Efficiency: We define the efficiency of an active packet system as the ratio of network work performed (perhaps in terms of bandwidth, or packets processed) to CPU cycles used. IP provides us with a natural reference point for efficiency; we expect most active packet systems to be less efficient than IP. We draw a distinction, however, between efficiency and performance.
Flexibility: We define the flexibility of an active packet system as the amount of new functionality made possible by the system as contrasted to IP. It may be the case that it is hard to compare the flexibility of any two active packet systems, so our discussion of related work in Section 3 will be a partial ordering of the systems in question.
The following table illiterate the degree of each characterization on each project.
To control network-wide resource use, ANTS provides a TTL field, which is decremented at each hop, and duplicated when packets create a child packet. Since packets can create any number of child packets, the TTL limits the distance a packet’s children can travel, but not the total work in the network. Currently ANTS requires that some authority certify capsules before being deployed to limit the possibility of malicious packets. This significantly reduces the speed at which new capsule programs can be deployed, and of course raises the question of the correctness of the certification.
However, Wetherall argues that capsules in a given network flow will likely require similar processing, so at 16 Mbps for the in-cache case, this early ANTS prototype already achieves performance adequate to T1 line rates [Moor99].
There could be multiple copies of the same code residing in a given cache, which would be problematic if a proliferation of application protocols resulted in widespread cache contention.
Network bandwidth is governed by a strictly decreasing resource bound carried by each packet. When a packet spawns a child packet, it must donate some of its remaining resource bound to the child, thus bounding the total number of network hops which a packet and its descendants can take. Unfortunately, it is difficult to know how to set this bound, and there is currently no provision for preventing the bound being set unreasonably high when the packet is first injected. Finally, PLAN’s service namespace may be dynamically restricted or expanded based upon cryptographic credentials [MoNe01].
The main savings here was being able to avoid packet-marshalling costs on the routers where PLAN evaluation did not occur. The main overheads identified in PLANet were kernel crossings, thread scheduling, and garbage collection.
One awkward point, however, is that the resource bound conservation properties make it difficult (from programmer’s point of view) to apportion a packet’s resource bound among multiple children.
These certificates may be omitted, in which case the packet runs in a very resource-limited environment that is nonetheless sufficient to perform simple diagnostic functions such as ping or traceroute.
Smart Packets may nonetheless be fast enough. Unfortunately, basic performance numbers are not available at this time.
Providing MIB operations means that Smart Packets should be able to perform most SNMP-style management tasks.
The PLAN project attempts to address safety concern via language design. The PLAN packet language has limited expressivities, so that authentication is not required to execute packet programs. Notably, all PLAN program are guaranteed to terminate [Moor99]. ANTS packets add extensibility at the network layer and allows for incremental deployment of active nodes within the internet. ANTS tackles the challenges of ensuring that the flexibility offered by active networks does not adversely impact performance or security.
M. Brunner, B. Plattner, R. Stadler, Service Creation and Management in Active Telecom Environments. Communications of the ACM, April 2001. http://www.tik.ee.ethz.ch/~brunner/papers/CACM_Camera_Ready_final.pdf
K. L. Calvert. Architectural framework for active networks, version 1.0, University of Kentucky, July 1999. http://www.dcs.uky.edu/~calvert/arch-latest.ps
Caml home page. http://pauillac.inria.fr/caml/index-eng.html.
James Gosling, Bill Joy, and Guy Steele. The Java Language Specification. Addison Wesley, 1996. http://java.sun.com/docs/books/jls/
Michael Hicks, Jonathan T. Moore, and D. Scott Alexander. PLANet: An Active Internetwork. In IEEE Intl. Conf. On Computer Communications (INFOCOM '99), pages 1124--1133, 1999. http://citeseer.nj.nec.com/hicks99planet.html
J. T. Moore. Safe and efficient active packets. Technical Report MS-CIS-99-24, Department of Computer and Information Science, University of Pennsylvania, October 1999, http://citeseer.nj.nec.com/moore99safe.html
J. Moore and S. Nettles. Towards Practical Programmable Packets. Proceedings of the 20th Conference on Computer Communications (INFOCOM). IEEE, Anchorage, Alaska, April 2001. http://citeseer.nj.nec.com/294052.html
David Murphy, Building an Active Node on the Internet. Technical Report MIT-LCS-TR-723. Master of Engineering thesis, May 1997. http://citeseer.nj.nec.com/murphy97building.html
Pizza home page. http://pizzacompiler.sourceforge.net/
Beverly Schwartz and Alden W. Jackson and W. Timothy Strayer and Wenyi Zhou and R. Dennis Rockwell and Craig Partbridge. Smart packets: applying active networks to network management. ACM Transactions on Computer Systems. Volume 18, number 1, pages 67--88, 2000. http://citeseer.nj.nec.com/schwartz00smart.html
D.L. Tennenhouse, S.J. Garland, L. Shrira, and M.F. Kaashoek. From Internet to ActiveNet. Request for Comments, January 1996. http://citeseer.nj.nec.com/tennenhouse96from.html
D. L. Tennenhouse, J. M. Smith, W. D. Sincoskie, D. J. Wetherall, and G. J. Minden. A survey of active network research. IEEE Communications Magazine, pages 80--86, January 1997. http://citeseer.nj.nec.com/tennenhouse97survey.html
David Wetherall. Active network vision and reality: lessons form a capsule-based system. Symposium on Operating Systems Principles, pages 64-79,1999. http://citeseer.nj.nec.com/wetherall99active.html
David J. Wetherall, Ulana Legedza, and John Guttag. Introducing New Internet Services: Why and How. IEEE Network Magazine. July/August 1998. http://www.sds.lcs.mit.edu/publications/network98.html
M. Hicks, P. Kakkar, J. T. Moore, C. A. Gunther, and S. Nettles. PLAN: A Packet Language for Active Networks. In Proceedings of the Third ACM International Conference on Functional Programming Languages (SIGPLAN'98), pages 86-93, May 1998. http://citeseer.nj.nec.com/hicks98plan.htmlhttp://www.sds.lcs.mit.edu/activeware/