Embed Size (px)
Citation preview
The latest developments in FIND/GENI projects and their
influence on European NetworkingJiří Navrátil [email protected]
Terena Networking Conference 2007
21-24.5.2007 Lyngby/Denmark
Agenda
• Internet expansion and consequences• Fundamental problems of Internet• Next generation of Internet (directions and
supporting projects, GENI, FIND) • New network architectures (overlay
networking, virtualized GRID)• European projects (OneLab, Phosphorus,
UCLP, FEDERICA)
Internet expansion
• Web (90ties), p2p (2000), video, IPTV, wireless (today), sensors (tomorrow)
• Asia, Europe, North America, …. Africa• Expecting trillion of devices in near future
• Wide discussion in Internet community about the future, problems in many forms and on many forums
NO STRENGTH to change fundamentals of existing Internet
• NFS came with the GENI which is trying to find way, how to change Internet from the base (REINVENTING)
• Problems: technical and socialcapacity on last mile, guaranteed Bw, path stability,…viruses, attacks, unwanted mail, pishing, etc.
Future Internet
• Creating the Internet you want in 10,15 Years• The Internet which society TRUST • Support pervasive computing (from PDA to
Supercomputing)• Connecting devices and users with all types
communication channels from wireless to optical light paths
• Enable accept further developments and innovations
Two paths for changes Incremental
Clean-Slate (replace Internet with new architecture)
many problems on first path(many limits, hard manage,, vulnerability, hostile)
there are barriers to second path: Internet ossificated, cannot be replaced Inadequate validation of potential solutions,
tesbed dilemma: production testbed = incremental changeexperimental testbed = no real users !
Why now ?many architectional proposals ( statistics new RFC, papers, etc.)enabling technologyinfrastructure exists (NLR, Planetlab, .. GN2,..)research community is ready to making it real
Where are the fundamental problems and what is the most actual (first order) problem ??????
Larry Peterson Princeton University:A Strategy for Continually Reinventing Internet(May 2005)
The real problems of IP world are in the principles (core functionality)
• IP addresses ? Before 1994 nearly collapsed. Problem postponed because of reusable private IP, NAT. It is reason why IPv6 is not so hot
• Naming ? DNS still dominate and it has more and more problems• Routing ? Since 1989 BGP (protocol based purely on agreement of ISPs -
routing policy). All other known protocols are unacceptable, technically problematic and they are used just locally,
many existing routes is not used, quality of routes is not under control BGP4 ? Introducing AS was step to aggregation for routing purposes, it helps to postpone problem with effectiveness of routing.
Reality: # of ISP and # of AS grow exponentially !
How Internet Grows
0
10000
20000
30000
40000
50000
60000
70000
80000
1988 92 94 95 96 97 98 99 2000
The grow of Internet Routing Tables
#routes
CIDR, PRIVATE IP addresses, NAT bring slowdown of growing RT
Expectations70000 routes
350
In history
Remark. Individual lines are prefixes (paths) from different peers
Grow in 94– 06 Source http://www.routeviews.org/dynamics
AS growing brings problem to BGP
http://www.internetworldstats.com/images/users.gif
(141 mill./year )
Total 1,114326 mill. new users/year
BGP table analysisPartial visibility of the Internet from one router (from the routing tables)
Source: http://www.caida.org/tools/measurement/skitter/
More about the weaknesses of the Internet
- performance bottlenecks at peering points– Ignores many existing alternate paths– Prevents sophisticated algorithms– Route selection uses fixed, simple metrics– Routing isn’t sensitive to path quality (See next examples)
The Internet is ill suited to mission-critical applicationsPaxson (95-97) 3.3% of all routes has serious problems
Labovitz (97-00) 10% of routes available <95% of time65% of routes available <99.9
3 minutes minimum detection time for failureaverage recovery ~ 15 minutes
Wang (06) 80 % of problems on the path is caused by routing
Chandra (01) 5% of faults last more than 2 hours 45 minutes
1-2 M updates/hour on root DNS (from misconfigurations) 20 top ASes make 50 % updates (China, US, Spain)
97% such updates is from WINDOWS machinesWrong coordination between DHCP and DNS for private IP can create
unwanted traffic and requests to global DNS. This leakage is inappropriate from the traffic and also from the security
aspects.
REFERENCE CAIDA papers: A.Broido, E.Nemeth, kc claffy, SPECTROSCOPY of Private DNS update SourcesA.Broido, H.Shang, M.Fomenkov, Y.Hyun, kc claffy, The Windows of Private DNS Updates
How is robust, scalable, sensitive to the attacks and misconfigurations
DNS system was designed for traffic loads that reflect the rate and complexity of human activities !
How DNS will react on machine-machine applications (crowlers, traffic reviewer,..)
Since WEB appeared DNS become a tool for identify Internet objects (INFORMATION) !
DNS system was designed for identifying IP objects (computers, routers)
PROBLEM IS NOT ONLY TO HAVE NAME (registration) But how TO HANDLE resolution (conversion from/to IP)and UPDATE databases which are bigger and bigger
TLD
ns ns
ns
ns
ns
ns
ns nsns
ns
nsns
ns
ns
.cvut.
.fel.
.cz
.fjfi.
TLD
nsns
ns
ns
ns
ns
nsns ns
ns
nsns
ns
com
.de
Most request is resolved on the lowest level but not all data are available => Recursing requests
.hp..ibm.Recursing requests
browsers
.fs.cvut.cz
Remember: Each nice Web page from “somewhere” can contain several resolutions !(reference to icon/picture/doc located somewhere in Internet) and for seeing it must be resolved !! And it also means grow of your local cache databases
.nl
URL: server/datapath
DNS is undoubtedbut
more and more actual problem is:
Separation data from location !Van Jacobson on Google
http://video.google.com/videoplay?docid=-6972678839686672840
http://www.myhost.edu/doc/pub1.ps
Contact to traditional web servers:SFR infrastructure strips first part and makes DHT resolution, It replaces the first part (host id) with IP and the rest is same as previous case
O-record of MetadataSFRtag: 160 bit string, IP address, port, …
SFR Semantic Free Referencing
( Michael Walfish MIT )
Hostname/pathname structure and DNS resolution
SFRtag/pathname structure and DHT resolution
sfr://fbcd1234/doc/pub1.ps
More flexibility: pathname part of the SFRtag, multiple destinations
Set of RNodes, each RNode keeps range of addresses for nodesEach new node is logically located into this rangeLookup is based on the nearest neighbour
from RN with KEY: 65a1fc
key
d13da3
d462ba
d4213f
d467c4
PASTRY (DHT)
d471f1
Forwarding to dxxxxx
Forwarding to d4xxxx
Range of local keys(c2d1 – 32aaff)
d46a1c
If in local range ..67c5 to ..71f1 Not forwarding !
RNode
RNode
RNode
Hash Table
RNodeRNode
This example cover 224 -1 = 16 mil. objects
Lookup (d46a1c)
1
65a1fc 128.128.22.11121
1faab1 148.33.244.12
192.161.1.12dabcf0 990192.161.1.12dabcf1 991
192.12.12.121dabcf2 992
$key=“dabcf2”$ip = $address {$key}
key index ip
In Pastry max key=ffff ffff ffff ffff
c2d0
32ab00
0
Groupware service: How many files in the Ocean Store?-Assume 1010 people in the world-10,000 files/person – very conservative?- 1014 files should be stored and maintained
Works with concept which separate data from location !
The objects are defined by GUID - fix length string 160 bits
The objects are replicated and stored on multiple servers
The lookup process is dynamic based on queries between client and server
Tapestry routes the message to a physical host containing a resource with that GUID. Further, Tapestry is locality aware: if there are several resources with the same GUID, it locates (with high probability) one that is among the closest to the message source.
http://oceanstore.cs.berkeley.edu/publications/papers/pdf/SPAA02.pdf
Basic functions
Publish/Unpublish Object,
Route to Object,
Route to node)
File list
File
list
File A transferF
ile B
transfer
DB Index
Q.Req. A
Q.Req. B
Napster (coordination of sharing)
Searcher (send query to all neighbors)
Q.Req. AQ.Req. A
Q.Req. A
Distributer AQuery match
File tran
sfer
Gnutella
USERS JOINING AND LEAVING SYSTEMs RANDOMLY, VOLUNTARILY
Ultrapeer(Index for peers)
Distributer
GNet,…
Searcher
Q.Req. AQ.Req. A
Q.Req. A
UP-1
UP-4
Skype
Node B
Supernode
Login server
Node A
registration
SN-A SN-B
SN-C
Search
Broadcast querysystems
Internet allows create meshed structures, every host can communicate with anybody
New p2p architectures New tools (bittorrent)New applications(Skype,SIP)
Explosion of P2P
from Darleen Fisher and Guru Parulkar NSF-CISE presentation
from Darleen Fisher and Guru Parulkar NSF-CISE presentation
from Darleen Fisher and Guru Parulkar NSF-CISE presentation
INTERNET
Lastmile
Lastmile
Gateway operatorVOD
VOD
HDTVIPTV
Open Service Gateway
Service providers Open Service Gateway
MULTISERVICE MULTIUSER
More details:http://perso.citi.insa-lyon.fr/sfrenot//publications/royonCBSE06vosgi.pdf
The gateway operator, through the core service gateway, acts much like a Unix root user. He allows users (service providers) to launch their shell or execution environment (their virtual service gateway). The core gateway runs services accessible to all users. However, contrary to Unix root users, the core gateway does not have access to service gateways' data, files, etc, since these would belong to different, potentially competing companies.
Not only lastmile operator but business for many SP
From: David Alderson CALTECH , NSF Find meeting, Dec. 2005
Situation is getting worse
GIobal Environment for network Innovations – GENI
Reaction of NSF to existing Internet problems• August 25, 2005: NSF announces the GENI Initiative at SIGCOMM. • Since 2006 NFS (CISE) divided GENI to program FIND – Future
Internet Design and the program of construction GENI facility
• During 2 years was many working meetings and it was prepared nearly 50 GDD (Geni Design Documents)
http://www.geni.net/documents_nav.php
The most complex is GENI Research plan GDD-06-28 vers. 4.5 from April 2007 in which defines detail frame for GENI research
GENIResearch program
The GENI Initiative will support research, design, and development of new networking and distributed systems capabilities by:
• Creating new core functionality: Going beyond existing paradigms of datagram, packet and circuit switching; designing new naming, addressing, and overall identity architectures, and new paradigms of network management;
• Developing enhanced capabilities: Building security into the architecture; designing for high availability; balancing privacy and accountability; designing for regional difference and local values;
• Deploying and validating new architectures: Designing new architectures that incorporate emerging technologies (e.g., new wireless and optical technologies) and new computing paradigms enabled by pervasive devices;
• Building higher-level service abstractions: Using, for example, information objects, location-based services, and identity frameworks;
• Building new services and applications: Making large-scale distributed applications secure, robust and manageable; developing principles and patterns for distributed applications;
• Developing new network architecture theories: Investigating network complexity, scalability, and economic incentives.
Focus of FIND
On reinvented Internet architecture and not on individual network technologies
Internet evolution influenced by clean-slate approach
Alternate architecture(s) coexist with the current Internet
Virtualization becomes the norm with plurality of architectures
New services and applications enabled
Status of FIND in 2007
The whole FIND program is currently in initial phase. NSF has created a FIND Planning Committee, which is working
with NSF to organize a series of meetings among FIND grant recipients to identify and refine overarching concepts for a network of the future. It is a continuation of GENI talks that started in 2005
FIND will in 2007 operate with 40 millions US $ and it is expected that from this budget would award at about 60-80 teams. The kickoff meeting was held in November 2006.
http://www.nets-find.net/ NeTS - Division of Computer & Network Systems funds research and education projects in four
basic areas:
Programmable Wireless Networks (NeTS-ProWin) 16
Networking of Sensor Systems (NeTS-NOSS) 30
Networking Broadly Defined (NeTS-NBD) 27
Future Internet Design (NeTS-FIND) 15 – (5,2 M US)
FIND - Scope of Research
– Core functionalities (Reconsideration of basics including packets and other modes of multiplexing and data delivery, addressing, naming and identity; routing and delivery; support for mobility; overlay networks, and services required to support overlays; architectural implications of performance objectives; and other elements of network services.)
– Security and robustness (prevent attack, flooding, blocking unwanted traffic, dealing with „zombies“ and „botnets“, design new safe protocols and frameworks for applications, end nodes security)
– Social aspects - privacy and accountability (balancing privacy/identity, problematic of identity tracking, increase mutual trust between users and authorities, responsibility for malicious behavior, access to emergency services)
– Manageability and usability (facilitate network management, automated networks configurations, fault reporting and diagnostics, architectures cross region coordinations)
– Implications of new Wireless and sensor networks (mobility of subnets, dynamic resource location, data driven routing, )
– Optical network architectures and their implications (integrated internet/optical management, dynamic allocation of capacities, aggregation in backbones )
– High level conceptualization (closer to the user, what they want, location based services, search based on localities, information context etc.)
– Theoretical foundations (investigating network complexities, scalability, robustnes)
– Support for applications design (How applications and services should be design to exploit new architectures, deveoloping distributed applications including economical incentives)
The GENI FacilityAs envisioned, the GENI Facility will enable:– Shared use through slicing and virtualization in time and space
domains (i.e., where "slice" denotes the subset of resources bound to a particular experiment);
– Access to physical facilities through programmable platforms (e.g., via customized protocol stacks);
– Large-scale user participation by "user opt-in" and IP tunnels; – Protection and collaboration among researchers by controlled isolation and
connection among slices; – A broad range of investigations using new classes of platforms and
networks, a variety of access circuits and technologies, and global control and management software;
– Interconnection of independent facilities via federated design.
The GENI Facility will leverage the best ideas and capabilities from existing network testbeds such as PlanetLab, ORBIT, WHYNET,Emulab,X-Bone, DETER and others.
The GENI Facilty will need to extend beyond these testbeds to create an experimental infrastructure capable of supporting the ambitious researchgoals of the GENI Initiative.
Relation FIND/GENIStages of Research 2007 and Later
Architectures as they emerge will be made operational and tested via:
• Simulation (ns-2, …)• Emulation (Planetlab, Emulab,…)• Run on a large-scale GENI facility
When ?
Current situation “HORIZON PROJECT” with 20 millions US for preconstruction planningNext step “Readiness Stage” (allow extension preconstruction planning)
Work on existing experimental infrastructures !
Filling gap
2007
2009
?
Deliverables:-Testbed federation Planetlab/Emulab-Building control plane
Planetlab prototype,VINI –Virt. Network Infrastructure
-Proof-of-concepts wired-wireless integration-Distributed authorization and access control
Internet in a Slices (Click + XORP)
VMM
VS – Virtual server Independent OS LINUX (BSD) running on VM, with own administartion including root with own file system and computation capability
VMMVMM
Slice: set of VS on different nodes
VMM
Node/Slices in PlanetLab
N4
N2
N3
N7
N5
N6
On each node can run more users (slices)Each of them is running in own virtual systemOne user can run more applications
App1App2App3
SLICE
Node
SLICE A1 (N3,N1,N2,N3,N4,N5,N6.N7)
SLICE A3 (N1,N2,N6,N7
SLICE A2 (N3,N6,N5,N4)
N1
Virtual path VP1
VP 2
VP n
N4
N2
N3
N7
N1
N5
N6
Overlay/Slices in PlanetLab
Virtual path VP1
VP 2
VP n
The Overlays
Virtual path VP1
VP 2
VP n
Virtual path VP1 VP 2
VP 3
The Overlays
Real paths in IP: - shared (Planetlab) - private VPN,tunnels, IPinIP end2end (X-bone,..)
real path in IP
Virtual path VP1
VP 2
VP n
R1
R2 Rn
vnode3
Vnode1
VIOLIN Virtual Internetworking on Overlay INfrastructer
(Department of computer science Purdue Univ.)
Violins are virtual isolated networks build on top of overlay networks as- They include virtual routers, switches and end hosts. - Each Violin works in our virtual world with own IP address space
Entities of VIOLIN are created, deleted or migrated on-demand.It creates new environment for applications which can be deployed in this new virtual network.
real path in IP
Virtual path VP1
VP 2
R1 R2 R3 R5
R4
node1
node3node2
vnode2
IP
Violin
Planetlab
vnode3
vnode1
VIOLIN Virtual Internetworking on Overlay INfrastructer
(Department of computer science Purdue Univ.)
real path in IP
Virtual path VP1
VP 2
R1 R2 R3 R5
R4
node1
node3node2
vnode2
IP
Violin
Planetlab
Vswitch
UML
VM
Host OS (Fedora)
Vnode1
UML
VM
Vnode2
UML
VM
VnodeN
UML
VM
VnodeN
UML
VMIntra-host tunneling
Inter host tunneling
node2node1
Service switch for S1
SODA(Daemon)
S1
G-OS
Host OS
S1
G-OS
SODA(Daemon)
S2
G-OS
Host OS
S3
G-OS
SODA AgentSODA Master
HUPHosting utility Platform
node 2
Service switch for S 2Service switch for Sx
Guest OS „UML“
SODA Daemon Bootstrap VM + downloading appl.
Request ASP for SERVICE typeConfiguration for SERVICE types
User request for different services
node 1 node n
Each User can get individual service(web, comp, log, media service …)
SODA: a Service-On-Demand Architecture
(Department of computer science Purdue Univ.)
WOW Wide area network Of virtual Workstations
(ACIS Lab University of Florida)
Fig.1 shows WOW testbed distributed over 6 firewalled domains(118 p2p router nodes - Planetlab and other VMware-based VM nodes)
IPOP – IP over p2p (concept based on Brunet p2p protocol (used to pass FW) on-demand establishments of direct overlay links between WOW nodes
(nodes can join or leave system in 10 sec. direct communication between nodes in 200 sec.)
Shortcut connections
WOW is running unmodified OS and application inside VMs, they can use the middleware framework and reach variety of hosts using CONDOR and VM binary versions of application which can be replicated
Dynamically created topology (ring) in order of secondsbased on VTTIF (Virtual Topology and Traffic Interface Framework)
Significantly improve application performance without user participation
VNET creates illusion that users’s VM are on user’s LAN
Virtuoso/VNET (Department of Computer Science Northwestern University)
What is emulation?the ability to mimic another machine on your computer. You can run the same programs that you would on whatever the other machine is.
http://www.cs.utah.edu/flux/testbed-docs/emulab-dev-jan06.pdf
Switch( Virt.capability)
wired
Univ. UTAH (160+128+40+18+8) hosts
NEXT 17 EMULABS in operation or in contruction
DETERLAB shared infrastructure designed for medium scale repeatable experiments in computer security.
2 clusters (100 nodes each)
http://www.deterlab.net
Larry Peterson Princeton University: A Strategy for Continually Reinventing Internet
(May 2005)
It opens way to new virtulal worldsand possibilities to replicate fundamental parts of internet
Integrate mobility
Develop and test applications in new environment
The first commercial entities will enter into new environment with their users
Andy Bavier, Nick Feamster, Mark Huang, Larry Peterson, Jennifer Rexford.In VINI Veritas: Realistic and Controlled Network Experimentation.
SIGCOMM 2006.
http://www.vini-veritas.net/about
Internet 2
NLR
Andy Bavier, Nick Feamster, Mark Huang, Larry Peterson, Jennifer Rexford.In VINI Veritas: Realistic and Controlled Network Experimentation.
SIGCOMM 2006.
http://www.vini-veritas.net/about
Internet 2
NLR
VLAN
VLANVLAN
Building control plane On Planetlab prototype,Move out PL best effort,new policies, kernel
Distributed authorization andaccess control
An experiment: IIAS - Internet in a Slices
Click (SR)+ XORP(RPsuite)
The main objective of the Euro NGI network is to create the European center of excellence in Next Generation Internet design and engineering, acting as a "Collective Intelligence Think Tank", representing a major support
for the European Information Society industry and leading towards a European leadership in this domain.
at 6
be 4
ch 10
cy 2
cz 2
de 39
dk 3
es 11
fr 10
gr 6
hu 2
ie 4
il 12
is 2
it 14
nl 4
no 6
pl 16
pt 8
se 6
uk 21
EU 188
OneLabs
MyPLC (private Planetlab)
OneLab GoalsExtend PlanetLab into new environments, beyond the traditional wired internet.
Deepen PlanetLab’s monitoring capabilities.Federate - Provide a European administration for PlanetLab nodes in Europe.
FP6 projects
• MUPBED creates an experimental environment to assess the proposed network solutions, and that will be offered as an open test platform to other European research projects and users. The test bed will represent a multi-layer network based on IP/MPLS and ASON/GMPLS technologies, equipped with a unified control plane and designed to support the highly demanding applications of the European research community.
• MUSE creates an experimental environment for low cost multi-service access network. (internet to homes)• NETQoS - project proposes an autonomous policy-based management for wired/wireless heterogeneous
communications networks aimed to provide enhanced end-to-end QoS and efficient resource utilization.
• OneLab will extend the highly successful and widely used PlanetLab infrastructure by enabling deployment of PlanetLab nodes in new wireless environments.
• PANLAB – This will serve as a Technology Roadmap and as a Strategic Development Guideline for European and global telecommunications.
• Phosphorus - High capacity optical networking can satisfy bandwidth and latency requirements, but software tools and frameworks for end-to-end, on-demand provisioning of network services need to be developed in coordination with other resources (CPU and storage) and need to span multiple administrative and network technology domains.
• WEIRD is integrated project aiming at implementing research test-beds using the WiMAX technology in order to allow isolated or impervious areas to get connection to the GEANT2 research network.
• WWI Ambient Networks project will create the network solutions for mobile and wireless systems beyond 3G. It will enable scalable and affordable wireless networking while providing rich and easy to use communication services for all. Ambient Networks offers a fundamentally new vision based on the dynamic composition of networks to avoid adding to the growing patchwork of extensions to existing architectures.
sublayer 4
sunlayer 3
sublayer 2
Edge node
Edge node
sublayer 1
RN4RN1
RN3
RN5
RN2
RN1
RN5
RN4
RN1
RN5
RN4
RN1
RN5
RN4
Different application packets
Core network
Different application packets
Domain X Domain Z
Group/class of applications
“Y”
“P”
“G”
“B”
(voice)
(video)
(interactive gaming)
(data)Different L2 allocation
between RN, different routing for
each L3 sub-layer
1
2
3
4
Questions: Who can create applicaton layer? *jn*
RN = routernode
Thank You for your attention
