1 UC Berkeley Engineering 2 Technology Center, Enterprise Solutions, Nortel Networks3 Department of Computer Science, University of Maryland

Tal Lavian 1 ,2 tlavian@cs.Berkeley.edu

Rob Jaeger 2,3 rfj@cs.umd.edu

Active Networks Workshop 1999

OutlineOutline

Bridge between research and marketplace Implementation of Commercial Grade Active

Networks node on Silicon-Based Gigabit L3 Routing Switch

Demo1 - ANTS on AccelarDemo2 - Dynamic Filtering & ConfigurationDemo3- Packets Capture Future: Active Networks Routing Protocols

Bridge between research and Bridge between research and marketplacemarketplace

Bridges the gulf between theory and practiceActive Networks - industry participationPublish the Accelar JVM and development

environmentPublish Linux simulator, tools, and docsScaling up Active Networks Routing Protocol

to commercial networksHeterogeneous Topology - AN/Non AN

AccomplishmentsAccomplishments

JVM on a silicon-based L3 Routing Switch

ORE - Oplet Run-time Environment

Java-enabled Device Architecture

Active Networks apps that dynamically control and modify Silicon-Based Forwarding

Packet Interception

Implementation of Network Forwarding API

Accelar - Industrial Strength Accelar - Industrial Strength Active Networks ImplementationActive Networks Implementation

Up to 96 Gigabit ports (or 384 10/100Mbs + combinations)

50Gbps L3 Switching capacityScaling up to 256Gbps

Natural Migration - 10GbsWAN OC-192

Wire speed - low latencyHigh availabilityLAN/MAN/WAN

5km multi mode, 50km single mode

Centralized, Centralized, CPU-based RouterCPU-based Router

Forwarding-ProcessorsForwarding-Processors based Routerbased Router

Control + ForwardingControl + ForwardingFunctions combinedFunctions combined

Control separatedControl separatedFrom forwardingFrom forwarding

CPU

Routing SW

CPU

Control Plane

Forwarding Processor

Forwarding Processor

Forwarding Processor

Slow Wire Speed

Active Networks - Node Active Networks - Node Architecture Architecture

Device HWOperating System

JVM

Oplet

C/C++API

JavaAPI

DeviceCode

Oplet Runtime Env

DeviceDrivers

JNIJF

WD

AP

I

ORE Service

AN Packet Interception

ORE - Oplet Run-time Environment ORE - Oplet Run-time Environment

ORE - Oplet Run-time Environment ORE - Oplet Run-time Environment

Service A

JVM

ORE

Service B

Oplet 1

Service C

Oplet 2

Why ORE?

ORE ProtectionORE Protection

ORE uses JVM mechanisms to:protect itself from the Opletsprotect Oplets, one from another

Mechanisms include features of the Javatype safety, access control, ByteCode

verification built-in sandbox security manager supportsigned codestrong cryptography infrastructure

ORE ProtectionORE Protection

Java facilities are buttressed by ORE control over the allocation of as many of the system resources as possible

Extra JVM support is necessary to protection against misbehavior by OpletsAccounting of memory and CPU

consumptionPromising possibility for memory

accounting: the ability to partition the object heap to enforce

limits on the memory usage by an Oplet

ANTS on Gigabit RouterANTS on Gigabit RouterDemo - 1Demo - 1

ANTS Demo ConfigurationANTS Demo Configuration

RoutingSwitch loads boot image from TFTP server

RoutingSwitch dynamically loads Oplets from the Class Server

Laptop 1 originates the pingRouter gets Ping code from Laptop

1.Router “evaluates” ping Ping forwarded to Laptop2Laptop 2 requests codeLaptop 2 perform ping reply

ORE Services

1. Class Server 2. TFTP Server

Laptop 1

Laptop 2 Java-enabled

Routing Switch

Laptop 1

AN Ping

Laptop 2

AN Ping

ORE Services

Java-enabled Routing Switch

AN Ping

Demo 1

ANTS DemoANTS Demo

AN_PingApplication

ANTS EE

AN_PingApplication

PingCapsule

ANTS EEService

DLBootstrap Capsule

DLRequest Capsule

DLResponse Capsule

JVMOREJVM

WIN-95 Routing Switch

ANTS DemoANTS Demo

Java application running on the routerORE facilitate downloading servicesInteroperable with ANTS DistributionMinimum changes to make it conform to ORE

service specification

Dynamic Filtering & Configuring Dynamic Filtering & Configuring Demo - 2Demo - 2

Dynamic Configuration of Forwarding Dynamic Configuration of Forwarding Rules Rules

CPU

ForwardingProcessor

ForwardingProcessor

ForwardingProcessor

ForwardingProcessor

ForwardingRules

SW

HW

ForwardingRules

ForwardingRules

ForwardingRules

AN Apps

Real-time forwarding Stats and Real-time forwarding Stats and Monitors Monitors

CPU

SW

HW

AN Apps

ForwardingProcessor

ForwardingRules

Statistics &Monitors

ForwardingProcessor

ForwardingRules

Statistics &Monitors

ForwardingProcessor

ForwardingRules

Statistics &Monitors

Dynamic - On the Fly Dynamic - On the Fly ConfigurationConfiguration

ForwardingProcessor

ForwardingProcessor

Pac

ket

Policy

Filters

AN Apps

Packet

Pack

et Filte

r

Demo 2

Dynamic - On the Fly ConfigurationDynamic - On the Fly Configuration

From downloadable Java application, we can dynamically modify the behavior of the Forwarding Processors (ASICs)

Active Networks Packets Active Networks Packets InterceptionInterception

Demo 3 - Demo 3 -

Active Networks Packet Active Networks Packet CaptureCapture

CPU

ForwardingProcessor

ForwardingProcessor

ForwardingProcessor

ForwardingProcessor

AN Apps

JFWD to Divert or Copy

Wire Speed

Pac

ket

Demo 3

Packet DivertPacket Divert

Active Network topology is unknown

ANEP packets NOT addressed to this node are delivered to the control plane for processing

ANEP daemon receives packets and delivers them to the appropriate EE based on TypeID

ASICFilter

ANEP

Execution Environment

Execution Environment

ANEP packet

AN Routing Protocol

Application

Active Networks Packet CaptureActive Networks Packet Capture

Be able to get the packets from the forwarding plane to the control plane

Process Active Networks packets in the control plane

Enabler for Active Network routing protocols

Scaling up Active Networks Scaling up Active Networks Routing Protocol to commercial Routing Protocol to commercial networks networks

Scaling up Active Networks Scaling up Active Networks Routing Protocol to commercial Routing Protocol to commercial networks networks

Overcome the need to predefine the next hopOvercome the need to predefine the next hopNo need to know AN topology a head of timeDivert/CarbonCopy specific packets to

control plane (e.g. packets on ANEP port )Wire speed of all other packetsEnd to end forwardingFuture: Active Networks Routing Protocols

Mixed Topology of AN systemMixed Topology of AN system

- AN Node - Non AN Node

NO need to know the AN topology ahead of time

Virtual Topology of AN Virtual Topology of AN systemsystem

- AN Node - Non AN Node

NO need to know the AN topology ahead of time

SummarySummary

Bridge between research and marketplace Implementation of commercial grade Active

Networks node on Silicon-Based Gigabit L3 Routing Switch

ORE - Oplet Run-time Environment Demo 1 - ANTS on AccelarDemo 2 - Dynamic Filtering & Configuration Demo 3 - Packets Capture to control planeFuture : Enables Active Networks Routing

Protocols