|
COPYRIGHT 2000 Association for Computing Machinery, Inc.
1. INTRODUCTION
Active Networks [Calvert et al. 1998; Tennenhouse and Wetherall 1996; Tennenhouse et al. 1997; Wetherall and Tennenhouse 1996] is a framework within which users inject programs contained in messages into a network capable of performing computations and manipulations on behalf of the user. Nodes along the network receive these messages, execute the programs within, and (possibly) return values or forward the messages along to other nodes. The Active Networks Program is a DARPA-sponsored research program seeking to sharply increase the programmability of computer networks and network components. The program seeks to increase user and application control over how packets are handled, and to increase the flexibility of computer networks and the ability to upgrade them.
A major motivation behind Active Networks was the theory that there is an exponential growth of computing power in the network suggested by Moore's Law, which states that the speed of electronic components doubles every 18 months. Unfortunately, in most parts of the Internet, the traffic growth rates far exceed the growth rate of Moore's Law. As a result, there is typically less effective computing power per packet every year.
1.1 Why Do Active Network Management?
There are places, however, where Moore's Law is winning. One place is network management and monitoring. The average device is not generating, processing, or receiving drastically more network management traffic than it was a year or two ago. We can hope, therefore, that there is more per-device processing power available for network management than there was in the past, especially since modern router architectures tend to place network management functions on a distinct processor [Partridge et al. 1998].
At the same time, the exponential growth of the Internet is overwhelming management centers. Currently, network management is achieved by having management stations routinely poll the managed devices [Rose 1994; Stallings 1996] looking for anomalies [Paxson 1997b]. As the number and complexity of nodes increase, management centers become points of implosion, inundated with large amounts of redundant information when components are in the same state they were in previously. This passive network solution does not scale and is not cost effective. Furthermore, a component can suffer multiple state changes in less than one round-trip time and, indeed, can oscillate per packet [Paxson 1997a]. It is essential that network management employ techniques that require less communication and permit more effective action on the managed node itself.
Smart Packets seeks to exploit the increase in processing power within the control side of the router to help provide network management. Smart Packets puts active networks technology into the management of the network to make managed nodes programmable. Management centers can then send programs to the managed nodes. This approach has three advantages. First, the information content returned to the management center can be tailored (in real-time) to the current interests of the center, thus reducing the back traffic as well as the amount of data requiring examination. Second, many of the management rules employed at the management center can now be embodied in programs which, when sent to managed nodes, automatically identify and correct problems without requiring further intervention from the management center. Third, Smart Packets shortens the monitoring and control loop--measurements and control operations are taken during a single packet's traversal of the network, rather than through a series of set and get operations from a management station.
The Smart Packets architecture consists of four parts: (1) a specification for smart packet formats and their encapsulation into some network data delivery service, (2) the specification of a high-level language, its assembly language, and a compressed encoding representing that portion of a smart packet that gets executed, (3) a virtual machine resident in each networking element to provide a context for executing the program within the smart packet, and (4) a security architecture.
1.2 Prior Work
Earlier projects have attempted to put a programming language into a network management system. In the late 1980's, the High-level Entity Management System (HEMS) [Partridge and Trewitt 1988] used a query language [Trewitt and Partridge 1988] tuned to the monitoring and control of network entities. While the HEMS query language provides insight into methods to request and modify host data, it does not meet our needs. The language is really an extended database query language, designed to extract large amounts of data from a node. It does not allow general programming. It gives the packet no control over where it is sent, and places no limits on the size of a query. The current Internet network management standard, the Simple Network Management Protocol [Case et al. 1990; Davin et al. 1987], was developed as a competitor to HEMS and, because of concerns about complexity, chose to put each extraction operation in a separate packet.
More recently, a set of platform-independent programming languages, most notably Java [Arnold and Gosling 1997; Gosling et al. 1996], PLAN [Hicks et al. 1998], and CAML [Leroy 1996a; 1996b; Leroy and Mauny 1993], have been created. These programming languages are designed to be transmitted across the network, between machines. However, if the HEMS language was too simple, the newer languages are too rich for reasons discussed in more detail in Section 4.1.
2. SYSTEM ARCHITECTURE
The Smart Packets project is designed to demonstrate that network management is a fruitful target for exploiting active networks technology. As a result, there is a temptation to provide the richest and most flexible programmable environment possible. At the same time, we are concerned that if we made the environment too rich we could still overload the computing power of the managed node and, further, create an environment so rich that it would be hard to secure.
In our attempts to balance these concerns, we made two important design decisions. First, there should be no new persistent state in routers across packets. Keeping persistent state in network nodes, especially routers, is expensive and creates management and consistency problems. Consequently, programs sent in smart packets must be completely self contained. This goal implies the transport service should be connectionless; even fragmentation of the smart packet is not permitted. The Smart Packets programming language must be able to express meaningful programs in under 1KB in length.
Second, there should be a virtual machine used to provide surety of safety while executing the programs carried in smart packets. Remote execution of code is dangerous, so to mitigate the possibility of damage to the executing host, an insular environment is established where operations are controlled. The language that is interpreted by the virtual machine is also designed to avoid dangerous (and for network management, superfluous) features, like file system access and memory management.
Figure 1 shows the Smart Packets system architecture. User-written network management and monitoring programs generate smart packets--encapsulated in Active Network Encapsulation Protocol (ANEP) [Alexander et al. 1997] frames--and give them to the ANEP Daemon process. The daemon injects the smart packet into the network, where the smart packet is sent in either an end-to-end or a hop-by-hop mode. In end-to-end mode, the program is executed only at the destination. In hop-by-hop mode, the program is executed at the source, destination, and all hops in between. The program can contain directives to send results to the source from any host it is executed on. Directives also exist to exclude program execution at the source and destination nodes.
[Figure 1 ILLUSTRATION OMITTED]
The ANEP Daemon process has two responsibilities: it is the injection and reception point for smart packets, and it also contains the virtual machine for executing the programs received. The virtual machine provides a clean, safe context with a well-defined, securable interface into the rest of the system.
3. TRANSMISSION OF SMART PACKETS
A smart packet consists of a Smart Packets header followed by payload. The smart packet is encapsulated within an ANEP packet which, in turn, is carried within IPv4, IPv6, or, in some Active Networks testbed situations, UDP.
3.1 Transmission Issues
One challenge in implementing Smart Packets is that IP does not have a notion of a datagram whose contents are processed at intermediate nodes. An IP router simply examines the datagram header and forwards the datagram. For a smart packet, however, the router must process the contents of the datagram before forwarding it. As a further complication, the router...
Read the full article for free courtesy of your local library.
|
Bookmark this article
Print this article
Link to this article
Email this article
Digg It!
Add to del.icio.us
RSS
