NETKIT (A Software Component-Based Approach to Programmable Network) Yunho Jung Mobile Broadband Communication Lab in Konkuk Univ

1 Programmable Network Component based computational model NETKIT Architecture Examples Using NETKIT Presentation Contents

Programmable Network

Component based computational model

NETKIT Architecture

Examples Using NETKIT

What is Programmable Network? Active Network paradigm Open signaling Paradigm Run-time Reconfiguration Current Paradigm I. Programmable Network

What is Programmable Network?

Active Network paradigm

Open signaling Paradigm

Run-time Reconfiguration

Current Paradigm

Why come out Increasing demand to add new services to networks or to customize existing network services to match new application needs . What is Programmable Network? I. Programmable Network Simplify the deployment of new network services , leading to networks that explicitly support the process of service creation and deployment .

Why come out

Increasing demand to add new services to networks or to customize existing network services to match new application needs .

Simplify the deployment of new network services , leading to networks that explicitly support the process of service creation and deployment .

Architecture What is Programmable Network I. Programmable Network Hardware abstraction : Minimal OS functionality for support higher lever network programmability In-band functions : Low level, in-band, fine-grained, packet forwarding (highly performance critical) Application services : Programs in the Active Network sense and act on pre-selected flow Coordination: Out-of-band signaling protocols (RSVP, dPVN coordination protocols) Transport plane Management plane Control plane Coordination Application services In-band functions Hardware abstraction Communication model Computation model

Architecture

Hardware abstraction :

Minimal OS functionality for support higher lever network programmability

In-band functions :

Low level, in-band, fine-grained, packet forwarding

(highly performance critical)

Application services :

Programs in the Active Network sense and act on pre-selected flow

Coordination:

Out-of-band signaling protocols

(RSVP, dPVN coordination protocols)

Generalized Programmable Network Frameworks What is Programmable Network I. Programmable Network Node Kernel Node HW Network Programming Environment Programmable Network Architecture Node Kernel Computational Model Communication Model Node interfaces Network programming interfaces Node HW

Generalized Programmable Network Frameworks

Active Network Paradigm Applications have insufficient information about the network to make informed decisions - e.g.) where can I get more bandwidth Service providers have little control over how their traffic is handled - No customization Implication to active network I. Programmable Network

Applications have insufficient information about the network to make informed decisions - e.g.) where can I get more bandwidth

Service providers have little control over how their traffic is handled - No customization

Implication to active network

Active Network Dynamic deployment of new Internet services Focus on stratum 1(hardware abstraction) and stratum 3(application services) Active packets that execute on ‘ active nodes ’. What does it mean to make the nodes active? Packets carry code Next hop determined by executing code in a router (i.e. actively as opposed to passive table lookup Active Network Paradigm I. Programmable Network

Active Network

Dynamic deployment of new Internet services

Focus on stratum 1(hardware abstraction) and stratum 3(application services)

Active packets that execute on ‘ active nodes ’.

What does it mean to make the nodes active?

Packets carry code

Next hop determined by executing code in a router (i.e. actively as opposed to passive table lookup

Security Un-trusted user code execution in core routers Do not provide a general framework addressing the security concerns of Network Operators or do so by developing heavy security architectures that strongly penalize performance . Performance Sharing control and communication network resources among several parties needs coordination in the form of middleware actors, resource managements. Unified interface It is impossible to foresee all the ways in which networking might evolve, programming interfaces, if not carefully designed, are in themselves a restriction to innovation Active Network Paradigm I. Programmable Network

Security

Un-trusted user code execution in core routers

Do not provide a general framework addressing the security concerns of Network Operators or do so by developing heavy security architectures that strongly penalize performance .

Performance

Sharing control and communication network resources among several parties needs coordination in the form of middleware actors, resource managements.

Unified interface

It is impossible to foresee all the ways in which networking might evolve, programming interfaces, if not carefully designed, are in themselves a restriction to innovation

Open Signaling Routers export ‘ control interfaces ’ through which they can be remotely (re)configured by out-of-band, application specific, signaling, protocols. Easier to deploy, easier to secure , and typically performs better that Java0based active networking system Focus on stratum 2 and stratum 4 Out-of-band Active Down-loadable modules are dynamically installed onto routers through some out-of-band mechanism. Deploy-ability and security vulnerability approach Open Signaling Paradigm I. Programmable Network

Open Signaling

Routers export ‘ control interfaces ’ through which they can be remotely (re)configured by out-of-band, application specific, signaling, protocols.

Easier to deploy, easier to secure , and typically performs better that Java0based active networking system

Focus on stratum 2 and stratum 4

Out-of-band Active

Down-loadable modules are dynamically installed onto routers through some out-of-band mechanism.

Deploy-ability and security vulnerability approach

run-time reconfiguration Support the subsequent reconfiguration of a running system . To accommodate newly discovered services in a ubiquitous computing environment To reconfigure an ad-hoc network To adjust the resource allocated to a dynamic private virtual network Still fail to adequately support the management of system integrity over reconfiguration operations. (e.g. Firewall rule, resource allocation problem like starvation) use of reflection model (flexible) Checking the integrity of coordination control code being downloaded into an execution environment Dynamic reconfiguration of downloaded control code Reconfiguration through dynamic linking Run-time Configuration I. Programmable Network

run-time reconfiguration

Support the subsequent reconfiguration of a running system .

To accommodate newly discovered services in a ubiquitous computing environment

To reconfigure an ad-hoc network

To adjust the resource allocated to a dynamic private virtual network

Still fail to adequately support the management of system integrity over reconfiguration operations. (e.g. Firewall rule, resource allocation problem like starvation)

use of reflection model (flexible)

Checking the integrity of coordination control code being downloaded into an execution environment

Dynamic reconfiguration of downloaded control code

Reconfiguration through dynamic linking

Current Paradigm I. Programmable Network language, platform, and paradigm-independent programming model that can be uniformly applied in all strata Flexible support for both the configuration and run-time reconfiguration in all strata Transport plane Management plane Control plane Coordination(OS, Alan) Application services(AN, Alan) In-band functions(OS) Hardware abstraction(OSKIT,SCOUT) Communication model Computation model

language, platform, and paradigm-independent programming model that can be uniformly applied in all strata

Flexible support for both the configuration and run-time reconfiguration in all strata

NETKIT Proposal Component-Based Model Reflective Meta-Models Component Frameworks Potential Benefits I I. Component based approach

NETKIT Proposal

Component-Based Model

Reflective Meta-Models

Component Frameworks

Potential Benefits

A globally applied component based approach A Language-, platform-, and paradigm-independent component based programming model Uniformly applicable in all four strata without performance delay Built-in generic and flexible support for management Both configuration and reconfiguration of mechanisms and services in all strata NETKIT Proposal II. Component based Approach Three pronged approach

A globally applied component based approach

A Language-, platform-, and paradigm-independent component based programming model

Uniformly applicable in all four strata without performance delay

Built-in generic and flexible support for management

Both configuration and reconfiguration of mechanisms and services in all strata

Three pronged approach

Component Technology System element offering a predefined service or event, and able to communicate with other components. Components are packaged in a binary form and can be dynamically deployed within an address space. With component technology, one can configure and reconfigure systems by adding, removing or replacing their constituent components. Increased reusability , dynamic extensibility , improved understandability, reduced development costs, and better support for long term system evolution. Component-Based Model II. Component based Approach NETKIT Purpose To provide a lightweight, non-distributed, language independent component model Independent of any such infrastructure Apply ubiquitously

Component Technology

System element offering a predefined service or event, and able to communicate with other components.

Components are packaged in a binary form and can be dynamically deployed within an address space.

With component technology, one can configure and reconfigure systems by adding, removing or replacing their constituent components.

Increased reusability , dynamic extensibility , improved understandability, reduced development costs, and better support for long term system evolution.

NETKIT Purpose

To provide a lightweight, non-distributed, language independent component model

Independent of any such infrastructure

Apply ubiquitously

Component-Based Model II. Component based Approach Interface Strongly typed and consist of a set of data-typed definitions and operation signature Programming-language-independent interface(e.g. OMG IDL or Miscrosoft IDL) Receptacle ‘ Anti-interface’; whereas an interface expresses a unit of service provision, a receptacle expresses a unit of service requirement Used to make explicit a dependency of one component on another Binding Associations between receptacles and interfaces that reside in the same capsule. Implemented minimally and with negligible or low overhead bindings are abstract , there is no prescription of a particular underlying implementation.

Interface

Strongly typed and consist of a set of data-typed definitions and operation signature

Programming-language-independent interface(e.g. OMG IDL or Miscrosoft IDL)

Receptacle

‘ Anti-interface’; whereas an interface expresses a unit of service provision, a receptacle expresses a unit of service requirement

Used to make explicit a dependency of one component on another

Binding

Associations between receptacles and interfaces that reside in the same capsule.

Implemented minimally and with negligible or low overhead

bindings are abstract , there is no prescription of a particular underlying implementation.

Component-Based Model II. Component based Approach Capsules Provide a run-time environment for a set of component instances that are mutually participating in bindings Provide generic services for dynamically loading and unloading components, and for creating and destroying bindings. Third-party manners ; available from outside the capsule to support external third-party loading and binding Why use Capsules Can be possible to render the (un)loading and (un)binding of components subject to security constraints and safety constraints Capsules form the basis of a generic component model that, in turn, serves as the basis for any desired programmable networking functionality

Capsules

Provide a run-time environment for a set of component instances that are mutually participating in bindings

Provide generic services for dynamically loading and unloading components, and for creating and destroying bindings.

Third-party manners ; available from outside the capsule to support external third-party loading and binding

Why use Capsules

Can be possible to render the (un)loading and (un)binding of components subject to security constraints and safety constraints

Capsules form the basis of a generic component model that, in turn, serves as the basis for any desired programmable networking functionality

Component-Based Model II. Component based Approach Portability problem for support wide range or hardware platforms Some platforms will suffer sub-optimal performance A standard API precludes the exploitation of specialised platform-specific hardware The work involved in porting a comprehensive API is likely to be significant in itself. How can solve Portability problem Radical micro-kernel architectures Define two levels of portability - component model is kept as simple as possible , and relies on an absolute minimum of system support - All further system-oriented and hardware specific functionality is implemented in terms of the component model itself Benefit Easily ported and deployed Do not need service change, if requirements change/evolve

Portability problem for support wide range or hardware platforms

Some platforms will suffer sub-optimal performance

A standard API precludes the exploitation of specialised platform-specific hardware

The work involved in porting a comprehensive API is likely to be significant in itself.

How can solve Portability problem

Radical micro-kernel architectures

Define two levels of portability - component model is kept as simple as possible , and relies on an absolute minimum of system support - All further system-oriented and hardware specific functionality is implemented in terms of the component model itself

Benefit

Easily ported and deployed

Do not need service change, if requirements change/evolve

Reflective Architecture Provides tools for handling reflective computation explicitly. Access to data representing the system itself. Guarantee the causal connection between these data and the aspects of the system. Reflection is that meta-models relate to the underlying system. Reflective Meta-Models II. Component based Approach Meta-models are causally connected Adaption : To change behavior along dimensions that are foreseen at deployment time Extension : To add new behavior unforeseen at deployment time Inspection : Inspect current configurations need when adaption and extension process

Reflective Architecture

Provides tools for handling reflective computation explicitly.

Access to data representing the system itself.

Guarantee the causal connection between these data and the aspects of the system.

Reflection is that meta-models relate to the underlying system.

Meta-models are causally connected

Adaption : To change behavior along dimensions that are foreseen at deployment time

Extension : To add new behavior unforeseen at deployment time

Inspection : Inspect current configurations need when adaption and extension process

Reflective Meta-Models II. Component based Approach Architecture meta-model Inspection, adaptation and extension of component composition Interception meta-model pre- and post method call interception of invocation being made across bindings Interface meta-model Navigation of interfaces, receptacles on a component, inspection of interface/receptacle signatures Resources meta-model Represent types and quantities of resource

Architecture meta-model

Inspection, adaptation and extension of component composition

Interception meta-model

pre- and post method call interception of invocation being made across bindings

Interface meta-model

Navigation of interfaces, receptacles on a component, inspection of interface/receptacle signatures

Resources meta-model

Represent types and quantities of resource

Component Frameworks What is Component Frameworks “ CFs are collections of rules and interfaces that govern the interaction of components ‘plugged into’ them “ – Szyperski CFs are targeted at a specific domain and embody ‘rules and interfaces’ that make sense in that domain. Domain-specific ‘life-support environment’ for plug-in components . Benefit of Component Frameworks CFs can be loaded/unloaded dynamically . Hierarchical composition . CFs can also provide CF-specific reflective meta-models that embody domain specific semantics II. Component based Approach

What is Component Frameworks

“ CFs are collections of rules and interfaces that govern the interaction of components ‘plugged into’ them “ – Szyperski

CFs are targeted at a specific domain and embody ‘rules and interfaces’ that make sense in that domain.

Domain-specific ‘life-support environment’ for plug-in components .

Benefit of Component Frameworks

CFs can be loaded/unloaded dynamically .

Hierarchical composition .

CFs can also provide CF-specific reflective meta-models that embody domain specific semantics

Potential Benefits NETKIT propose a globally Component-based approach to programmable networking Uniform programming model . (Components everywhere) Reflective meta-models. (flexibility, openness). Component frameworks (structure, constraint) Approach already validated in reflective middleware environment Potential benefits Vertical integration Language and system independence Fundamental support for the management of configuration and reconfiguration Support for multiple programmable networking paradigms, and framework for integration of existing techniques, software …. II. Component based Approach

NETKIT propose a globally Component-based approach to programmable networking

Uniform programming model . (Components everywhere)

Reflective meta-models. (flexibility, openness).

Component frameworks (structure, constraint)

Approach already validated in reflective middleware environment

Potential benefits

Vertical integration

Language and system independence

Fundamental support for the management of configuration and reconfiguration

Support for multiple programmable networking paradigms, and framework for integration of existing techniques, software ….

What is NETKIT NETKIT implementation III . NETKIT architecture

What is NETKIT

NETKIT implementation

What is NETKIT Computer networks are quite complex Several device Several interfaces. Several protocols running Physical interconnections originate complex topologies How to perform experiments Performing experiments may be unfeasible The current used network cannot be exploited for experiments Network equipments are expensive Simulation vs. emulation Simulation systems aim at reproducing the performance of the real-life system (e.g. NS-2) Emulation systems aim at accurately reproducing the functionalites of a real-life system (configurations, architectures, protocols), with limited attention to performance (e.g. NETKIT) III. NETKIT architecture

Computer networks are quite complex

Several device

Several interfaces.

Several protocols running

Physical interconnections originate complex topologies

How to perform experiments

Performing experiments may be unfeasible

The current used network cannot be exploited for experiments

Network equipments are expensive

Simulation vs. emulation

Simulation systems aim at reproducing the performance of the real-life system (e.g. NS-2)

Emulation systems aim at accurately reproducing the functionalites of a real-life system (configurations, architectures, protocols), with limited attention to performance (e.g. NETKIT)

What is NETKIT What is NETKIT? A set of tools and commands that can be used to easily set up a virtual computer network NETKIT (most) command are implemented as scripts A ready-to-use file-system that is exploited as a pattern for creating the file system of each virtual machine Most commonly used networking tools are already installed in this file-system A User Mode Linux(UML) that is used as kernel for virtual machines UML is a Linux kernel that can be executed as a user process on a standard Linux box III. NETKIT architecture

What is NETKIT?

A set of tools and commands that can be used to easily set up a virtual computer network

NETKIT (most) command are implemented as scripts

A ready-to-use file-system that is exploited as a pattern for creating the file system of each virtual machine

Most commonly used networking tools are already installed in this file-system

A User Mode Linux(UML) that is used as kernel for virtual machines

UML is a Linux kernel that can be executed as a user process on a standard Linux box

What is NETKIT III. NETKIT architecture

NETKIT Implementation Unified component concept A multi-address-space capsule CF Offers a powerful and general means of abstracting over tightly coupled but heterogeneous hardware A plug-in loader CF Third-party loading in address spaces other A plug-in binder CF Bind itself to the newly-loaded component without being aware of different form itself III. NETKIT architecture

Unified component concept

A multi-address-space capsule CF

Offers a powerful and general means of abstracting over tightly coupled but heterogeneous hardware

A plug-in loader CF

Third-party loading in address spaces other

A plug-in binder CF

Bind itself to the newly-loaded component without being aware of different form itself

Simple network with two routers Understanding ARP when routers are involved IV . Examples using NETKIT

Simple network with two routers

Understanding ARP when routers are involved

Simple Network with two routers Network topology high level view IV. Examples using NETKIT

Network topology high level view

Simple Network with two routers Network topology configuration details IV. Examples using NETKIT

Network topology configuration details

Simple Network with two routers Step1 -Virtual Network Setup IV. Examples using NETKIT

Step1 -Virtual Network Setup

Simple Network with two routers Step2 –inspecting routing tables Both routers and PCs don’t know how to reach network that are not directly connected to them Directly connected networks are automatically inserted into the routing table when the corresponding interface is brought up IV. Examples using NETKIT

Step2 –inspecting routing tables

Both routers and PCs don’t know how to reach network that are not directly connected to them

Directly connected networks are automatically inserted into the routing table when the corresponding interface is brought up

Simple Network with two routers Step3 –default routes on PCs To fix the problem we could specify the default route on the PCs Directly connected networks are automatically inserted into the routing table when the corresponding interface is brought up IV. Examples using NETKIT

Step3 –default routes on PCs

To fix the problem we could specify the default route on the PCs

Directly connected networks are automatically inserted into the routing table when the corresponding interface is brought up

Simple Network with two routers Step4 –route setting But routers don’t know each other. So, configuration a static route into R1 and R2 IV. Examples using NETKIT

Step4 –route setting

But routers don’t know each other.

So, configuration a static route into R1 and R2

Understanding ARP Network topology high level view IV. Examples using NETKIT

Network topology high level view

Understanding ARP Network topology configuration details IV. Examples using NETKIT

Network topology configuration details

Understanding ARP Step1 -Virtual Network Setup IV. Examples using NETKIT

Step1 -Virtual Network Setup

Understanding ARP Step2 –Inspecting the ARP cache (local traffic) Communications are usually bi-directional The Receiver of the ARP request learns the mac address of the other party, to avoid a new ARP in opposite direction(standard behavior, see rfc 826) IV. Examples using NETKIT

Step2 –Inspecting the ARP cache (local traffic)

Communications are usually bi-directional

The Receiver of the ARP request learns the mac address of the other party, to avoid a new ARP in opposite direction(standard behavior, see rfc 826)

Understanding ARP Step3 –Inspecting the ARP cache (non local traffic) When IP traffic is addressed outside the local network, the sender needs the MAC address of the router ARP requests can get replies only within the local network IV. Examples using NETKIT

Step3 –Inspecting the ARP cache (non local traffic)

When IP traffic is addressed outside the local network, the sender needs the MAC address of the router

ARP requests can get replies only within the local network

Understanding ARP Step3 –Inspecting the ARP cache (non local traffic) What about routers? Routers perform ARP too (hence have ARP cache) anytime they have to send IP packet on an ethernet LAN ARP requests can get replies only within the local network IV. Examples using NETKIT

Step3 –Inspecting the ARP cache (non local traffic)

What about routers?

Routers perform ARP too (hence have ARP cache) anytime they have to send IP packet on an ethernet LAN

ARP requests can get replies only within the local network

Understanding ARP Step 4 –understanding the whole picture IV. Examples using NETKIT

Step 4 –understanding the whole picture