FIND (Future Internet Design)
26th Nov. 2007
Lee, Choongho
[email protected]
Source: mmlab.snu.ac.kr/courses/2007_advanced_internet/handout/20071126...

Contents
- FIND Introduction
- Manageability
- Security
- Architecture
- Summary

FIND Introduction
- FIND (Future Internet Design)
  - A major new long-term initiative of the NSF NeTS research program
  - FIND kickoff meeting, November 8/9, 2006
- Seeks to find answers to:
  - How can we design a network that is fundamentally more secure and available than today's Internet?
  - How might such functions as information dissemination, location management or identity management best fit into a new network architecture?
  - What will be the long-term impact of new technologies such as advanced wireless and optics?
  - How will economics and technology interact to shape the overall design of a future network?
  - How do we design a network that preserves a free and open society?

FIND Introduction
- Security and robustness
- Easier to manage
- Interconnect the computers of 10 years out
- Support new applications
- Take advantage of new network technology 10 years out
- Recognize the importance of non-technical considerations

FIND Introduction
- 41 FIND-funded projects
  - Architecture
    - An Architecture for a Diversified Internet
    - CABO: Concurrent Architectures are Better Than One
  - Manageability
    - Design for Manageability in the Next Generation Internet
  - Security
    - Designing Secure Networks from the Ground-Up
    - Enabling Defense and Deterrence through Private Attribution


Architecture
- Problems of today's Internet
  - Deployment of significant improvements needs significant capital investment and universal agreement
  - No Internet Service Provider has control over an entire end-to-end path
    - ISPs cannot enhance end-to-end service
  - Difficult to deploy:
    - IP multicast
    - Secure routing protocols
    - Differentiated services
- Network virtualization
  - An Architecture for a Diversified Internet
  - CABO: Concurrent Architectures are Better Than One

An Architecture for a Diversified Internet
- Network virtualization
  - Make virtualization a central architectural component of the new Internet architecture
- Diversified Internet
  - Multiple end-to-end packet forwarding systems
  - A diverse set of protocols and various different services within a common infrastructure, or substrate
  - Each network is a metanetwork, which provides end-to-end delivery
    - Consists of metarouters (on top of substrate routers) and metalinks
  - Substrate routers provide generic, programmable processing resources, located between layers 2 and 3
- Objectives
  - Enable diverse metanetworks to co-exist
  - Allow introduction of new network architectures at any time
  - Stimulate development of applications

An Architecture for a Diversified Internet
- Substrate domains in the Diversified Internet
  [Figure: many substrate domains; metanets span multiple domains]

An Architecture for a Diversified Internet
- Substrate architecture
  - Located between L2 and L3
  - Data plane: flexible metalink support
  - Control plane: configuring metanets
    - Metarouters and metalinks
    - Control communication and support services
    - Architectural neutrality and security
- Metalink
  - Abstraction of an underlying physical link
- Metarouter
  - PE (Processing Engine)
  - Meta-interface: logical endpoint for a metalink
    - Sends and receives packets across the meta-interface

An Architecture for a Diversified Internet
- Architectural neutrality
  - Allow maximum diversity among metanets
    - Enable a wide variety of protocols and service models
  - Minimize the substrate role, maximize the metanet role
    - The substrate will be difficult to change
    - Metanets should handle all things that may change
- Security and mobility
  - Enable secure metanets
  - Enable metanets that support mobility
  - Minimize the substrate role in providing security and mobility, to enable on-going improvements
- Limit the substrate to a resource-provisioning role
  - No end-to-end packet delivery at the substrate level
  - Provides "raw" resources to metanets
  - Diversity of resource types, open to new types

An Architecture for a Diversified Internet
- Experimental metanetworks
  - Publish-subscribe metanet for distributed simulation
    - Omnidirectional multicast distribution trees with interest filters
    - High-performance location-based filtering
  - Large-scale science metanet
    - Advance scheduling of bulk transfers
    - Reconsidering fairness for on-demand schedules
- Research plan
  - Substrate design and development
  - Dynamic publish-subscribe metanet
  - Large-scale science metanet
  - Integration with GENI

CABO
- CABO: Concurrent Architectures are Better Than One
- Philosophy: virtualization is the architecture
  - Make the infrastructure support multiple architectures in parallel
  - Separate infrastructure providers from service providers
    - Infrastructure providers maintain the physical infrastructure needed to build networks
    - Service providers lease "slices" of physical infrastructure from one or more infrastructure providers and construct a virtual network from them

CABO
- End-to-end services
  - Secure routing protocols
  - Paths with end-to-end performance guarantees
  [Figure: Today vs. CABO. Today, competing ISPs with different goals must coordinate; in CABO, a single service provider controls the end-to-end path.]

CABO
- Advantages
  - Availability
    - Providing good performance for real-time applications
    - Topology-specific routing protocols
  - Evolvability
    - Testing of new router software
    - Evaluating research prototypes
  - Economic incentives
    - Enabling innovation in network services
    - Customized network services
    - Co-location


Design for Manageability in the Next Generation Internet
- Requirements for manageability in the future Internet
  - 6 nines (99.9999%) availability: less than one second of downtime per month
  - 4 nines (99.99%) compliance: the ability to meet specified performance targets (service level agreements)
  - Attack resilience
  - Dynamic configuration
    - Ubiquitous mobile systems, virtual/overlay networks
  - Efficient management
- Goal
  - Automated management
  - Intrinsic management support
  - Real-time change detection
  - Pervasive data sharing

Design for Manageability in the Next Generation Internet
- Management functions
  - Automated
  - Rely on capabilities embedded in the networks
- Management building blocks: composable basic technologies
  - Ubiquitous instrumentation
  - Protocols for data sharing
  - Protocols for end-host signaling
  - Event detection mechanisms
  - Management data repository
  - Composable management

Design for Manageability in the Next Generation Internet
- Ubiquitous instrumentation
  - Collect data for network management
  - Represents a fundamental change in how systems, protocols and applications are built today
  - Link utilization, latency, traffic flows, congestion/loss, jitter, route updates
  - Considering the trade-offs and impact on the infrastructure: active and passive measurement methods
- Protocols for data sharing
  - Automation of global decisions within the context of centralized or distributed management policies is more powerful
  - Inter- and intra-network data sharing is required: need protocols and mechanisms for data sharing that are reliable and secure
  - Considering the trade-offs and impact on the infrastructure: data representation, push vs. pull, data transfer mechanisms, security, authorization, privacy

Design for Manageability in the Next Generation Internet
- Protocols for end-host signaling
  - End hosts transmit metadata to the network management infrastructure
  - Considering the trade-offs and impact on the infrastructure
    - Required data, representation of data, the scope for transmitting data, methods for ensuring trust, privacy
- Event detection mechanisms
  - Detect when and where the network is unavailable or non-compliant
  - Considering the trade-offs
    - Data requirements (how, when, where, and what instrumentation will be deployed)
    - Detection accuracy, timeliness, computational requirements
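The availability and compliance requirements from the manageability requirements slide, and the event-detection building block on this slide, can be made concrete with a small computation over instrumentation data. This Python example is added here and is not part of the original handout or of the FIND project; it assumes one reachability/latency probe sample per second (constructed inline), a constructed 50 ms latency target standing in for the SLA, and a 30-day month for the downtime budget.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

SIX_NINES = 0.999999   # availability target named in the handout
FOUR_NINES = 0.9999    # compliance target named in the handout


@dataclass(frozen=True)
class Sample:
    """One instrumentation record from a path probe (constructed format)."""
    t: int              # seconds since the start of the measurement window
    reachable: bool     # did the probe receive a reply?
    latency_ms: float   # round-trip time; NaN when unreachable


def downtime_budget_seconds(target: float, period_seconds: int) -> float:
    """Seconds of downtime an availability target permits over a period."""
    return period_seconds * (1.0 - target)


def availability(samples: List[Sample]) -> float:
    """Fraction of samples in which the path was reachable."""
    return sum(1 for s in samples if s.reachable) / len(samples)


def compliance(samples: List[Sample], target_ms: float) -> float:
    """Fraction of reachable samples that met the latency target (the SLA)."""
    up = [s for s in samples if s.reachable]
    return sum(1 for s in up if s.latency_ms <= target_ms) / len(up)


def detect_events(samples: List[Sample], target_ms: float) -> List[Tuple[int, str]]:
    """Emit (t, event) at every state transition.

    Timeliness: an event is raised at the first sample showing the new state,
    so detection delay is bounded by the probe interval. An outage is reported
    as an availability event only, not additionally as a compliance event.
    """
    events: List[Tuple[int, str]] = []
    prev_up, prev_ok = True, True
    for s in samples:
        up = s.reachable
        ok = up and s.latency_ms <= target_ms
        if up != prev_up:
            events.append((s.t, "restored" if up else "unavailable"))
        elif ok != prev_ok:
            events.append((s.t, "compliant" if ok else "non-compliant"))
        prev_up, prev_ok = up, ok
    return events


def build_samples() -> List[Sample]:
    """Constructed 10-minute window: a 3 s outage and a 6 s latency excursion."""
    out = []
    for t in range(600):
        if 100 <= t <= 102:
            out.append(Sample(t, False, math.nan))
        elif 300 <= t <= 305:
            out.append(Sample(t, True, 180.0))
        else:
            out.append(Sample(t, True, 20.0))
    return out


SAMPLES = build_samples()


def report(samples: List[Sample], target_ms: float) -> Dict[str, object]:
    """Summary a management data repository could store for this window."""
    avail, comp = availability(samples), compliance(samples, target_ms)
    return {
        "availability": avail,
        "meets_six_nines": avail >= SIX_NINES,
        "compliance": comp,
        "meets_four_nines": comp >= FOUR_NINES,
        "events": detect_events(samples, target_ms),
    }


if __name__ == "__main__":
    budget = downtime_budget_seconds(SIX_NINES, 30 * 86400)
    print("6-nines downtime budget for a 30-day month: %.3f s" % budget)
    for key, value in report(SAMPLES, 50.0).items():
        print(f"{key}: {value}")
```

The constructed window fails both targets on purpose: a single 3 s outage already exceeds the whole monthly 6-nines budget, which is why the handout pairs such targets with real-time change detection rather than periodic reporting.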

Design for Manageability in the Next Generation Internet
- Management data repository
  - Building and maintaining
    - Centralized vs. distributed management data repositories
    - Query mechanisms required to support management decisions
- Composable management
  - Methods for composability of all the management building blocks developed
- Research schedule and milestones
  - Year 1: develop a series of initial designs for each of the basic building blocks
  - Year 2: development of building blocks with the intention of deployment in local live network environments
  - Year 3: expand building-block testing and build new prototypes


Designing Secure Networks from the Ground-Up
- To build a secure network
  - Require all traffic flows to signal their origin and intent
  - IP addresses are not reliable as a basis for a security policy
- Private vs. public setting
  - Private environment
    - A single administrative domain or a private network
    - Strict access controls
    - Centrally administered to meet a well-defined security policy
    - Authentication
    - e.g. a private network
  - Public environment
    - Transcends organizational boundaries
    - Neither centrally administered nor adhering to a unified security policy
    - e.g. a public Internet server

Designing Secure Networks from the Ground-Up
- SANE (Security Architecture for Networked Enterprises)
  - Principles
    - Least privilege: users only access end-hosts for which they are granted explicit permission
    - Least knowledge: hold only the information needed to forward a packet to the next hop
  - Users
    - Must authenticate and get explicit permission from a centrally administered domain controller
    - Reach the DC by the prescribed path
    - The origin and the intent of the traffic are always known
  - DC (Domain Controller)
    - Single repository where all network security policy is specified
    - Has a complete view of the network topology
    - Capability: an encrypted switch-level source route between two communicating end points
  - Simple-to-define access policies
    - The policies are expressed in plain English
    - No user, switch or end-host has more information than it absolutely needs
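A toy model of the SANE capability mechanism just described: a domain controller that checks policy, computes the switch-level route from its topology view, and issues a per-hop sealed source route that each switch can open only for its own hop. This Python example is added here and is not the SANE project's code; the topology, port numbers, policy, and the HMAC-based sealing (a stand-in for the encrypted source route of the real design) are constructed for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed enterprise topology (port numbers made up): hostA - s1 - s2 - s3 - hostB
LINKS: Dict[str, Dict[int, str]] = {
    "s1": {1: "hostA", 2: "s2"},
    "s2": {1: "s1", 2: "s3"},
    "s3": {1: "s2", 2: "hostB"},
}
# Constructed policy: (user, destination host) pairs granted explicit permission
POLICY = {("alice", "hostB")}


@dataclass(frozen=True)
class Capability:
    flow_id: bytes
    hops: Tuple[Tuple[bytes, bytes], ...]  # per-switch (sealed port, tag), in path order


def seal_hop(key: bytes, flow_id: bytes, port: int) -> Tuple[bytes, bytes]:
    """Hide one hop's output port from everyone but the switch holding `key`.
    Toy stand-in for the encrypted route layer: PRF pad byte + HMAC tag (use an AEAD for real)."""
    pad = hmac.new(key, b"pad" + flow_id, "sha256").digest()[0]
    sealed = bytes([port ^ pad])
    tag = hmac.new(key, b"tag" + flow_id + sealed, "sha256").digest()[:16]
    return sealed, tag


def open_hop(key: bytes, flow_id: bytes, sealed: bytes, tag: bytes) -> Optional[int]:
    """Return the port if the tag verifies under `key`, else None (drop)."""
    expect = hmac.new(key, b"tag" + flow_id + sealed, "sha256").digest()[:16]
    if not hmac.compare_digest(expect, tag):
        return None
    pad = hmac.new(key, b"pad" + flow_id, "sha256").digest()[0]
    return sealed[0] ^ pad


class DomainController:
    """Single policy repository with a full topology view and a key shared with each switch."""
    def __init__(self) -> None:
        self.keys = {sw: secrets.token_bytes(32) for sw in LINKS}

    @staticmethod
    def route(src: str, dst: str) -> List[str]:
        """Breadth-first path over LINKS, e.g. [hostA, s1, s2, s3, hostB]."""
        adj: Dict[str, set] = {}
        for sw, ports in LINKS.items():
            for nb in ports.values():
                adj.setdefault(sw, set()).add(nb)
                adj.setdefault(nb, set()).add(sw)
        prev, queue = {src: None}, [src]
        while queue and dst not in prev:
            node = queue.pop(0)
            for nb in sorted(adj.get(node, ())):
                if nb not in prev:
                    prev[nb] = node
                    queue.append(nb)
        if dst not in prev:
            raise LookupError(f"no path from {src} to {dst}")
        path = [dst]
        while prev[path[-1]] is not None:
            path.append(prev[path[-1]])
        return path[::-1]

    def issue(self, user: str, src: str, dst: str) -> Capability:
        """Least privilege: no capability without an explicit policy entry."""
        if (user, dst) not in POLICY:
            raise PermissionError(f"{user} is not permitted to reach {dst}")
        path = self.route(src, dst)
        flow_id = secrets.token_bytes(8)
        hops = []
        for here, nxt in zip(path[1:-1], path[2:]):
            port = next(p for p, nb in LINKS[here].items() if nb == nxt)
            hops.append(seal_hop(self.keys[here], flow_id, port))
        return Capability(flow_id, tuple(hops))


class Switch:
    def __init__(self, name: str, key: bytes) -> None:
        self.name, self.key = name, key

    def forward(self, cap: Capability, hop_index: int) -> Optional[str]:
        """Least knowledge: the switch learns only its own output port."""
        if hop_index >= len(cap.hops):
            return None
        sealed, tag = cap.hops[hop_index]
        port = open_hop(self.key, cap.flow_id, sealed, tag)
        return None if port is None else LINKS[self.name].get(port)


def deliver(switches: Dict[str, Switch], cap: Capability, first: str, dst: str) -> Optional[str]:
    """Walk the capability hop by hop; returns dst on success, None if dropped."""
    node, hop = first, 0
    while node is not None and node in switches:
        node = switches[node].forward(cap, hop)
        hop += 1
    return node if node == dst else None


def readable_hops(switch: Switch, cap: Capability) -> int:
    """How many entries of a capability this switch can open (expected: exactly 1)."""
    return sum(open_hop(switch.key, cap.flow_id, s, t) is not None for s, t in cap.hops)


def policy_denies(dc: DomainController, user: str, src: str, dst: str) -> bool:
    try:
        dc.issue(user, src, dst)
        return False
    except PermissionError:
        return True
```

A capability presented at a switch other than the one its route begins at, or with one sealed byte changed, is dropped at the first hop: it is only usable along the exact path the DC prescribed, which is what lets the DC keep the whole policy in one place while each switch holds nothing beyond its own next hop.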

Designing Secure Networks from the Ground-Up
[Figure: SANE service model and packet forwarding]

Designing Secure Networks from the Ground-Up
- InSANE
  - Extension of SANE-like control to public flows
  - Modify end-host APIs to signal their intent to the network or to other end-hosts
  - The network infrastructure and end hosts make meaningful decisions with this information
  - Private-to-public
    - Handshake service
      - The service provider checks that clients are legitimate
      - After the handshake, legitimate traffic is forwarded to the backend server
  - Private-to-private
    - Each private network trusts the other
    - Creation of isolated networks
    - A best-effort datagram service over these networks

Enabling Defense and Deterrence through Private Attribution
- Today's Internet
  - Extremely vulnerable to motivated and well-equipped attackers
- Defense and deterrent
  - Defense
    - Mechanisms that impede the activities of an adversary
    - Blocks an adversary's current attack, but the adversary runs no meaningful risk of being caught
  - Deterrent
    - Effective means of attribution
      - Tying an individual to an action
      - Physical forensic evidence in the physical world
  - Most research in network security focuses on defense
  - Security in the future Internet requires a balance between defenses and deterrents

Enabling Defense and Deterrence through Private Attribution
- Mechanism
  - Enables non-repudiable traceback and attack mitigation
  - Preserves sender privacy through the use of a shared secret key
- Key security building blocks
  - Privacy-preserving per-packet attribution based on group signatures
    - Any network element is allowed to verify that a packet was sent by a member of a given group
    - 1 group manager (privileged), n group members (unprivileged)
    - Anyone can use the group's public key to verify a message
    - The group manager can open a message and recover the identity of the member
  - Content-based privacy assurance
    - Content-based inverse firewalls
      - Inspect the content of traffic leaving a secured network
      - Ensure that sensitive information is kept within the network
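An inverse firewall of the kind this slide names inspects traffic in the outbound direction and stops payloads that carry sensitive content. The following Python example is added here and is not from the handout or from the attribution project; the classification labels, the project-codename convention, the card-number heuristic with its Luhn check, and the outbound messages are all constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed markers of sensitive content (hypothetical enterprise conventions)
MARKER_RULES = [
    ("classification-label", re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY)\b")),
    ("project-codename", re.compile(r"\bPROJECT-[A-Z]{4}\b")),
]
# 13 to 16 digits, optionally separated by spaces or hyphens
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Digit runs of card-number length that also pass the Luhn check."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass(frozen=True)
class Verdict:
    action: str               # "allow" or "block"
    reasons: Tuple[str, ...]  # which rules fired, for the audit log


def inspect_outbound(payload: str) -> Verdict:
    """Inverse-firewall decision for one outbound payload."""
    reasons = [name for name, rx in MARKER_RULES if rx.search(payload)]
    if find_card_numbers(payload):
        reasons.append("payment-card")
    return Verdict("block" if reasons else "allow", tuple(reasons))


# Constructed outbound messages (destination, payload); none of this is real data
OUTBOUND = [
    ("mail.example.net", "Agenda for Thursday: lunch options and room booking"),
    ("paste.example", "CONFIDENTIAL: Q3 numbers attached"),
    ("partner.example", "card on file 4111 1111 1111 1111 expires next year"),
    ("partner.example", "order ref 1234 5678 9012 3456 shipped"),
    ("mail.example.net", "status: PROJECT-ARGO milestone slipped a week"),
]


def run(messages=OUTBOUND) -> List[Tuple[str, Verdict]]:
    """Apply the inverse firewall to every message and return the verdicts."""
    return [(dst, inspect_outbound(payload)) for dst, payload in messages]


if __name__ == "__main__":
    for dst, verdict in run():
        print(f"{verdict.action:5s} -> {dst}: {', '.join(verdict.reasons) or '-'}")
```

The Luhn check is what keeps the 16-digit order reference from being blocked while the test card number is: the same accuracy-versus-false-positive trade-off the manageability slides name for event detection applies to content inspection, and every verdict carries its reasons so that blocked flows can be reviewed.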


Summary
- FIND projects
  - Architecture
    - Virtualization
  - Manageability
  - Security
- University courses
  - FIND projects into the curriculum