(Future Internet Design) - SNUmmlab.snu.ac.kr/courses/2007_advanced_internet/handout/20071126... ·...
FIND (Future Internet Design)
26 Nov. 2007, Lee, Choongho
[email protected]
FIND Introduction
- FIND (Future Internet Design)
  - A major new long-term initiative of the NSF NeTS research program
  - FIND kickoff meeting, November 8/9, 2006
- Seeks answers to:
  - How can we design a network that is fundamentally more secure and available than today's Internet?
  - How might such functions as information dissemination, location management or identity management best fit into a new network architecture?
  - What will be the long-term impact of new technologies such as advanced wireless and optics?
  - How will economics and technology interact to shape the overall design of a future network?
  - How do we design a network that preserves a free and open society?
FIND Introduction
- Security and robustness
- Easier to manage
- Interconnect the computers of 10 years out
- Support new applications
- Take advantage of new network technology 10 years out
- Recognize the importance of non-technical considerations
FIND Introduction
- 41 FIND-funded projects, including:
  - Architecture
    - An Architecture for a Diversified Internet
    - CABO: Concurrent Architectures are Better Than One
  - Manageability
    - Design for Manageability in the Next Generation Internet
  - Security
    - Designing Secure Networks from the Ground-Up
    - Enabling Defense and Deterrence through Private Attribution
Architecture
- Problems of today's Internet
  - Deploying significant improvements needs significant capital investment and universal agreement
  - No Internet Service Provider has control over an entire end-to-end path, so ISPs cannot enhance end-to-end service
  - Difficult to deploy: IP multicast, secure routing protocols, differentiated services
- Network virtualization
  - An Architecture for a Diversified Internet
  - CABO: Concurrent Architectures are Better Than One
An Architecture for a Diversified Internet
- Network virtualization
  - Make virtualization a central architectural component of the new Internet architecture
- Diversified Internet
  - Multiple end-to-end packet forwarding systems
  - A diverse set of protocols and services within a common infrastructure, or substrate
  - Each network is a metanetwork, which provides end-to-end delivery
  - A metanetwork consists of metarouters (on top of substrate routers) and metalinks
  - Substrate routers provide generic, programmable processing resources, located between layers 2 and 3
- Objectives
  - Enable diverse metanetworks to co-exist
  - Allow introduction of new network architectures at any time
  - Stimulate development of applications
An Architecture for a Diversified Internet
- Substrate domains in the Diversified Internet
  [Figure: many substrate domains; metanets span multiple domains]
An Architecture for a Diversified Internet
- Substrate architecture
  - Located between L2 and L3
  - Data plane: flexible metalink support
  - Control plane: configuring metanets (their metarouters and metalinks), control communication and support services
  - Architectural neutrality and security
- Metalink
  - Abstraction of an underlying physical link
- Metarouter
  - PE (Processing Engine)
  - Meta-interface: logical endpoint for a metalink; packets are sent and received across the meta-interface
An Architecture for a Diversified Internet
- Architectural neutrality
  - Allow maximum diversity among metanets
  - Enable a wide variety of protocols and service models
  - Minimize the substrate's role and maximize the metanet's role: the substrate will be difficult to change, so metanets should handle everything that may change
- Security and mobility
  - Enable secure metanets
  - Enable metanets that support mobility
  - Minimize the substrate's role in providing security and mobility, so that both can keep improving without substrate changes
- Limit the substrate to a resource-provisioning role
  - No end-to-end packet delivery at the substrate level
  - Provides "raw" resources to metanets
  - Diversity of resource types, open to new types
An Architecture for a Diversified Internet
- Experimental metanetworks
  - Publish-subscribe metanet for distributed simulation
    - Omnidirectional multicast distribution trees with interest filters
    - High-performance location-based filtering
  - Large-scale science metanet
    - Advance scheduling of bulk transfers
    - Reconsidering fairness for on-demand schedules
- Research plan
  - Substrate design and development
  - Dynamic publish-subscribe metanet
  - Large-scale science metanet
  - Integration with GENI
CABO
- CABO: Concurrent Architectures are Better Than One
- Philosophy: virtualization is the architecture
  - Make the infrastructure support multiple architectures in parallel
  - Separate infrastructure providers from service providers
    - Infrastructure providers maintain the physical infrastructure needed to build networks
    - Service providers lease "slices" of physical infrastructure from one or more infrastructure providers and build a virtual network out of them
CABO
- End-to-end services
  - Secure routing protocols
  - Paths with end-to-end performance guarantees
  [Figure: today, competing ISPs with different goals must coordinate; in Cabo, a single service provider controls the end-to-end path]
CABO
- Advantages
  - Availability
    - Providing good performance for real-time applications
    - Topology-specific routing protocols
  - Evolvability
    - Testing of new router software
    - Evaluating research prototypes
  - Economic incentives
    - Enabling innovation in network services
    - Customized network services
    - Co-location
Contents
- FIND Introduction
- Manageability
- Security
- Architecture
- Summary
Design for Manageability in the Next Generation Internet
- Requirements for manageability in the future Internet
  - 6 nines (99.9999%) availability: only a few seconds of downtime per month (about 2.6 s in a 30-day month)
  - 4 nines (99.99%) compliance: the ability to meet specified performance targets (service level agreements)
  - Attack resilience
  - Dynamic configuration: ubiquitous mobile systems, virtual/overlay networks
  - Efficient management
- Goal
  - Automated management
  - Intrinsic management support
  - Real-time change detection
  - Pervasive data sharing
Design for Manageability in the Next Generation Internet
- Management functions
  - Automated
  - Rely on capabilities embedded in the network
- Management building blocks: composable basic technologies
  - Ubiquitous instrumentation
  - Protocols for data sharing
  - Protocols for end-host signaling
  - Event detection mechanisms
  - Management data repository
  - Composable management
Design for Manageability in the Next Generation Internet
- Ubiquitous instrumentation
  - Collect data for network management: link utilization, latency, traffic flows, congestion/loss, jitter, route updates
  - Represents a fundamental change in how systems, protocols and applications are built today
  - Trade-offs and impact on the infrastructure: active vs. passive measurement methods
- Protocols for data sharing
  - Automating global decisions within the context of centralized or distributed management policies is more powerful
  - Inter- and intra-network data sharing is required, so protocols and mechanisms for data sharing must be reliable and secure
  - Trade-offs and impact on the infrastructure: data representation, push vs. pull, data transfer mechanisms, security, authorization, privacy
Design for Manageability in the Next Generation Internet
- Protocols for end-host signaling
  - End hosts transmit metadata to the network management infrastructure
  - Trade-offs and impact on the infrastructure: required data, representation of data, the scope for transmitting data, method for ensuring trust, privacy
- Event detection mechanisms
  - Detect when and where the network is unavailable or non-compliant
  - Trade-offs: data requirements (how, when, where and what instrumentation will be deployed); detection accuracy, timeliness and computational requirements
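As an added illustration of the event-detection building block (example code written for this page, not part of the FIND proposal or the project's software), the following detector runs over constructed per-minute probe samples for two links, reports when and where a link became unavailable or non-compliant, and computes per-link availability and compliance. The link names, the SLA thresholds and the parameter k are assumptions of the example; k exposes the accuracy/timeliness trade-off the slide mentions: a larger k suppresses alarms on one-off spikes at the cost of k-1 minutes of detection delay.

```python
"""Event detection over constructed probe samples (added example, not FIND code).

A sample is violating if the probe target is unreachable or a latency/loss
threshold from the (assumed) SLA is exceeded.  An event is raised only after
`k` consecutive violating samples: larger k means fewer false alarms on
transient spikes, at the cost of k-1 minutes of detection delay.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Sample:
    minute: int          # minutes since the start of the observation window
    link: str            # instrumented link, e.g. "a-b"
    reachable: bool      # did the probe get a reply?
    latency_ms: float
    loss_pct: float


# Assumed SLA targets for this example.
SLA_LATENCY_MS = 50.0
SLA_LOSS_PCT = 0.1


def violates(s: Sample) -> bool:
    """Unavailable, or available but non-compliant with the SLA."""
    return (not s.reachable) or s.latency_ms > SLA_LATENCY_MS or s.loss_pct > SLA_LOSS_PCT


def detect_events(samples: List[Sample], k: int = 3) -> List[Tuple[int, str, str]]:
    """Return (minute, link, kind) transitions, kind in {"down", "noncompliant", "recovered"}.

    A link enters the alarmed state at its k-th consecutive violating sample
    and leaves it at the first compliant sample afterwards.
    """
    streak = {}          # link -> consecutive violating samples so far
    alarmed = set()
    events = []
    for s in sorted(samples, key=lambda x: (x.minute, x.link)):
        if violates(s):
            streak[s.link] = streak.get(s.link, 0) + 1
            if streak[s.link] == k and s.link not in alarmed:
                alarmed.add(s.link)
                events.append((s.minute, s.link, "down" if not s.reachable else "noncompliant"))
        else:
            streak[s.link] = 0
            if s.link in alarmed:
                alarmed.discard(s.link)
                events.append((s.minute, s.link, "recovered"))
    return events


def availability_pct(samples: List[Sample], link: str) -> float:
    xs = [s for s in samples if s.link == link]
    return 100.0 * sum(1 for s in xs if s.reachable) / len(xs)


def compliance_pct(samples: List[Sample], link: str) -> float:
    xs = [s for s in samples if s.link == link]
    return 100.0 * sum(1 for s in xs if not violates(s)) / len(xs)


def constructed_samples() -> List[Sample]:
    """Ten minutes of made-up probes: link a-b has a one-minute latency spike at
    minute 3 and sustained high latency from minute 6 on; link b-c is
    unreachable during minutes 4-6."""
    rows = []
    for m in range(10):
        lat_ab = 80.0 if m == 3 else (120.0 if m >= 6 else 20.0)
        rows.append(Sample(m, "a-b", True, lat_ab, 0.0))
        up = m not in (4, 5, 6)
        rows.append(Sample(m, "b-c", up, 25.0 if up else float("inf"), 0.0 if up else 100.0))
    return rows


if __name__ == "__main__":
    data = constructed_samples()
    for ev in detect_events(data, k=3):
        print(ev)
    for link in ("a-b", "b-c"):
        print(link, "availability", availability_pct(data, link), "compliance", compliance_pct(data, link))
```

With k=3 the spike at minute 3 produces no event, the outage on b-c is reported at minute 6 and cleared at minute 7, and the sustained latency on a-b is reported at minute 8; with k=1 the same data yields five events, two of them for the single spike. Whichever k is chosen, the availability figure (70% for b-c here) and the compliance figure (50% for a-b) are computed from every sample, so the choice only affects alerting, not the SLA accounting.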
Design for Manageability in the Next Generation Internet
- Management data repository
  - Building and maintaining centralized vs. distributed management data repositories
  - Query mechanisms required to support management decisions
- Composable management
  - Methods for composing all of the management building blocks developed
- Research schedule and milestones
  - Year 1: develop a series of initial designs for each of the basic building blocks
  - Year 2: development of the building blocks with the intention of deployment in local live network environments
  - Year 3: expand building-block testing and build new prototypes
Designing Secure Networks from the Ground-Up
- To build a secure network
  - Require all traffic flows to signal their origin and intent
  - An IP address is not reliable enough to be used as part of a security policy
- Private vs. public setting
  - Private environment
    - A single administrative domain or a private network
    - Strict access controls
    - Centrally administered to meet a well-defined security policy
    - Authentication
    - e.g. a private network
  - Public environment
    - Transcends organizational boundaries
    - Neither centrally administered nor adhering to a unified security policy
    - e.g. a public Internet server
Designing Secure Networks from the Ground-Up
- SANE (Security Architecture for Networked Enterprises)
  - Principles
    - Least privilege: users only access end-hosts for which they are granted explicit permission
    - Least knowledge: each element holds only the information needed to forward a packet to the next hop
  - Users
    - Must authenticate and get explicit permission from a centrally administered domain controller
    - Reach the DC by the prescribed path
    - The origin and the intent of the traffic are always known
  - DC (Domain Controller)
    - Single repository where all network security policy is specified
    - Has a complete view of the network topology
    - Capability: an encrypted switch-level source route between two communicating end points
    - Simple-to-define access policies, expressed in plain English
    - No user, switch or end-host has more information than it absolutely needs
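The capability mechanism described above, as an added toy model written for this page (it is not SANE's own code and simplifies the published design): the DC checks an explicit grant, then wraps the switch-level source route one layer per switch, each layer sealed under that switch's key; a switch can open only its own layer, learns only its out-port and the expiry, and passes the remaining layers on. The symmetric keys shared between the DC and each switch, the SHA-256-keystream-plus-HMAC sealing (a stand-in for a real AEAD), the static route table standing in for the DC's topology view, and all host, switch, user and policy names are assumptions of the example.

```python
"""Toy model of SANE capabilities (added example, not the project's code).
Assumptions: each switch shares a symmetric key with the Domain Controller (DC);
a capability is a layered, per-switch encrypted source route sealed with a
SHA-256 keystream plus an HMAC tag (stand-in for a real AEAD); the DC's
topology view is reduced to a static route table; names and policy are made up.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Tuple

LAYER = struct.Struct("!HI")          # per hop: out-port, expiry (UNIX seconds)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def _unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Layer plaintext, or None when the tag fails (forged, damaged, or not our layer)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class DomainController:
    """Single repository of policy and topology; the only issuer of capabilities."""

    def __init__(self, routes, keys, policy):
        self.routes = routes    # (src switch, dst host) -> [(switch, out-port), ...]
        self.keys = keys        # switch -> key shared with the DC
        self.policy = policy    # explicit grants: {(user, destination host)}

    def request_capability(self, user: str, src: str, dst: str, now: int, ttl: int = 60) -> Optional[bytes]:
        """Least privilege: without an explicit grant there is no capability, hence no path."""
        if (user, dst) not in self.policy or (src, dst) not in self.routes:
            return None
        blob = b""                                            # innermost layer is empty
        for switch, port in reversed(self.routes[(src, dst)]):  # wrap the last hop first
            blob = _seal(self.keys[switch], LAYER.pack(port, now + ttl) + blob)
        return blob


class Switch:
    """Least knowledge: a switch opens only its own layer and learns just its out-port."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def forward(self, capability: bytes, now: int) -> Optional[Tuple[int, bytes]]:
        layer = _unseal(self.key, capability)
        if layer is None or len(layer) < LAYER.size:
            return None                                       # not issued by the DC for us: drop
        port, expiry = LAYER.unpack_from(layer)
        if now > expiry:
            return None                                       # expired: drop
        return port, layer[LAYER.size:]                       # inner layers go to the next hop


def deliver(switches: Dict[str, Switch], links: Dict[Tuple[str, int], str],
            first: str, capability: Optional[bytes], now: int) -> Optional[str]:
    """Forward hop by hop; the host reached, or None if any switch dropped the packet."""
    here, cap = first, capability
    for _ in range(len(switches) + 1):
        hop = switches[here].forward(cap, now) if cap is not None else None
        if hop is None:
            return None
        port, cap = hop
        nxt = links.get((here, port))
        if nxt not in switches:
            return nxt                                        # a host (or None for a dead port)
        here = nxt
    return None


# Constructed topology: s1 -1-> s2 -1-> s3 -1-> fileserver, and s2 -2-> hr-db.
KEYS = {n: secrets.token_bytes(32) for n in ("s1", "s2", "s3")}
LINKS = {("s1", 1): "s2", ("s2", 1): "s3", ("s3", 1): "fileserver", ("s2", 2): "hr-db"}
ROUTES = {("s1", "fileserver"): [("s1", 1), ("s2", 1), ("s3", 1)], ("s1", "hr-db"): [("s1", 1), ("s2", 2)]}
SWITCHES = {n: Switch(n, k) for n, k in KEYS.items()}
POLICY = {("alice", "fileserver")}          # "alice may reach fileserver"; nothing grants hr-db
DC = DomainController(ROUTES, KEYS, POLICY)


def demo(now: int = 1_700_000_000):
    cap = DC.request_capability("alice", "s1", "fileserver", now)
    granted = deliver(SWITCHES, LINKS, "s1", cap, now)                              # "fileserver"
    denied = deliver(SWITCHES, LINKS, "s1", DC.request_capability("alice", "s1", "hr-db", now), now)
    forged = deliver(SWITCHES, LINKS, "s1", secrets.token_bytes(len(cap)), now)      # tag fails at s1
    stale = deliver(SWITCHES, LINKS, "s1", cap, now + 3600)                         # expired at s1
    return granted, denied, forged, stale
```

Two properties of the slide are visible in the code: a packet without a DC-issued capability never leaves the first switch (the policy check is the only way to obtain one, and a forged or tampered blob fails the tag), and no switch sees anything beyond its own out-port and expiry. One thing this toy does not do is pad layers to a fixed size, so a layer's length reveals how many hops remain; a deployable design would fix the capability length.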
Designing Secure Networks from the Ground-Up
[Figure: SANE service model and packet forwarding]
Designing Secure Networks from the Ground-Up
- InSANE
  - Extension of SANE-like control to public flows
  - Modify end-host APIs so that hosts signal their intent to the network or to other end-hosts
  - The network infrastructure and end hosts make meaningful decisions with this information
  - Private-to-public
    - Handshake service
      - The service provider checks that clients are legitimate
      - After the handshake, legitimate traffic is forwarded to the backend server
  - Private-to-private
    - Each private network trusts the other
    - Creation of isolated networks
    - A best-effort datagram service over these networks
Enabling Defense and Deterrence through Private Attribution
- Today's Internet
  - Extremely vulnerable to motivated and well-equipped attackers
- Defense and deterrence
  - Defense
    - Mechanisms that impede the activities of an adversary
    - Blocks an adversary's current attack, but the adversary runs no meaningful risk of being caught
  - Deterrence
    - Effective means of attribution: tying an individual to an action
    - The counterpart of physical forensic evidence in the physical world
  - Most research in network security focuses on defense
  - Security in the future Internet requires a balance between defense and deterrence
Enabling Defense and Deterrence through Private Attribution
- Mechanism
  - Enables non-repudiable traceback and attack mitigation
  - Preserves sender privacy through the use of a shared secret key
- Key fundamentals
  - Privacy-preserving per-packet attribution based on group signatures
    - Any network element is allowed to verify that a packet was sent by a member of a given group
    - 1 group manager (privileged), n group members (unprivileged)
    - Anyone can use the group's public key to verify a message
    - Only the group manager can open a message and learn the identity of the member who sent it
  - Content-based privacy assurance
    - Content-based inverse firewalls inspect the content of traffic leaving a secured network
    - Ensure that sensitive information is kept within the network
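The three roles of the group-signature bullet above (sign as a member, verify with the group public key anywhere in the network, open at the manager) as an added toy written for this page. It is not the project's code and not a real group-signature scheme: it uses textbook RSA over SHA-256 with small hard-coded Mersenne-prime moduli, every member holds the same signing exponent (so it lacks the unforgeability and exculpability a real scheme provides), and the opening token is the member id plus a fresh nonce encrypted to the manager's key. The key sizes, member ids, names and packet contents are assumptions of the example; what it does show is that verification reveals nothing about which member signed, two packets from one member carry unlinkable tokens, and only the holder of the manager's private exponent can attribute a packet.

```python
"""Toy group-signature interface for per-packet attribution (added example, not
the project's code).  One group manager, n members; any network element can
verify that a packet came from *some* member; only the manager can open the
signature to learn which one.

Assumptions of this example, not of the proposal: textbook RSA over SHA-256
with small hard-coded Mersenne-prime moduli (interface demo, not secure
crypto); all members share one signing exponent D_G (real schemes give each
member its own key); the opening token is nonce || member id encrypted to the
manager's key, which keeps a sender's packets unlinkable to everyone but the
manager.
"""
import hashlib
import secrets
from typing import Tuple

E = 65537                                     # public exponent for both key pairs

# Group key pair: (N_G, E) is public; D_G is held by every member.
P_G, Q_G = (1 << 61) - 1, (1 << 31) - 1       # Mersenne primes 2^61-1, 2^31-1
N_G = P_G * Q_G
D_G = pow(E, -1, (P_G - 1) * (Q_G - 1))

# Manager key pair: (N_M, E) is public; D_M is held by the manager only.
P_M, Q_M = (1 << 89) - 1, (1 << 107) - 1      # Mersenne primes 2^89-1, 2^107-1
N_M = P_M * Q_M
D_M = pow(E, -1, (P_M - 1) * (Q_M - 1))

GROUP_PUBLIC_KEY = (N_G, E)                   # installed on every network element


def _digest(packet: bytes, token: int) -> int:
    """Hash the packet together with its opening token, reduced into Z_N_G."""
    h = hashlib.sha256(packet + token.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % N_G


def member_sign(member_id: int, packet: bytes) -> Tuple[int, int]:
    """Member side: (opening token, signature) to attach to the packet."""
    nonce = secrets.token_bytes(16)
    plain = int.from_bytes(nonce + member_id.to_bytes(4, "big"), "big")
    token = pow(plain, E, N_M)                # readable only with D_M (manager)
    sig = pow(_digest(packet, token), D_G, N_G)
    return token, sig


def verify(packet: bytes, token: int, sig: int, group_pk=GROUP_PUBLIC_KEY) -> bool:
    """Any network element: was this packet signed by a group member?"""
    n, e = group_pk
    return pow(sig, e, n) == _digest(packet, token)


def manager_open(token: int) -> int:
    """Manager only: recover the member id behind a packet for traceback."""
    plain = pow(token, D_M, N_M).to_bytes(20, "big")   # 16-byte nonce || 4-byte id
    return int.from_bytes(plain[16:], "big")


def traceback(packet: bytes, token: int, sig: int, members: dict) -> str:
    """What the manager does with a packet an element reported as abusive:
    refuse anything that does not verify, otherwise open it and name the sender."""
    if not verify(packet, token, sig):
        return "not from this group"
    return members.get(manager_open(token), "unknown member")


MEMBERS = {7: "host-alice", 9: "host-bob"}    # constructed enrolment table (manager only)


def demo():
    pkt = b"SYN 10.0.0.5:443"
    token, sig = member_sign(7, pkt)
    token2, _ = member_sign(7, pkt)           # same sender, fresh nonce
    return (verify(pkt, token, sig),                       # True: any element can check
            verify(b"SYN 10.0.0.6:443", token, sig),       # False: packet was altered
            token != token2,                               # True: tokens are not linkable
            traceback(pkt, token, sig, MEMBERS))           # "host-alice"
```

The split of trust is the point: routers and inverse firewalls hold only GROUP_PUBLIC_KEY, so a compromised network element can block unsigned or altered packets (defense) but cannot de-anonymise anyone; attribution (deterrence) requires D_M, which lives only at the manager, and every opening is a deliberate act that can itself be logged and audited.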