
ANN - A Scalable, High Performance Active Network Node

Introduction

This project is aimed at the design, prototype implementation, and demonstration of a high performance Active Network Node (ANN) that supports network traffic at gigabit rates and provides the typical flexibility of Active Network technology for automatic, rapid protocol deployment and application specific data processing and forwarding.
The basic requirement for active networking is to allow users and applications to control networking nodes and how their packets are processed and forwarded. This necessitates computing and programmability at each network node. However, this requirement should not considerably degrade the performance of the execution environment through excessively complex and inefficient security mechanisms. In other words, per packet processing should not require a long and inefficient software path. Thus, the fundamental challenge that high performance active networking poses can be summarized as follows:

Allow part of the processing to be relocated from the end systems into the network, but minimize the amount of processing on a single node and make that processing as efficient as possible, while keeping the flexibility and customizability that the active networking paradigm introduces.

Architecture

Active networking is an exciting area of research which concentrates on two commonly separated approaches: “programmable switches” and “capsules”. These two approaches can be viewed as the two extremes in terms of program code injection into network nodes.
To overcome the performance-related problems which will exist at least in the near term for capsules, we think that a combination of both the programmable switch and the capsule approaches is very appealing. We replace the capsules’ program code by a reference to an active module stored on a code server, building a distributed code cache. On a reference to an unknown code segment in a router or an end system, the code is automatically downloaded from a code server. It is important to note that the code fragment or module is dynamically linked and executes like native code on the router/node, and thus it runs as fast as any other code. Moreover, the security issues are addressed by the use of well-known cryptographic techniques, and thus our scheme does not require slow virtual machines. It introduces some restrictions regarding the authorship and the source of active network code for the benefit of security and performance, but we believe this to be an appropriate compromise. We call this technique Distributed Code Caching for Active Networks (DAN).
We will build a hardware and software system to support DAN. Besides DAN, we will support ANTS. We believe that ANTS is complementary to our project in the sense that it is less focused on performance but provides optimal flexibility. Using ANTS, development of active modules can go through two stages: first, active modules can be prototyped in ANTS for experiments and refinement; second, they can be written as active modules for our architecture to guarantee high performance and stored on code servers.

Hardware

An active networking platform designed for high performance requires:

Over the past few years, we have been prototyping technological components that enable the building of an Active Networking Node (ANN). These components meet both of the above requirements extremely well in a cost-effective fashion. The ANN hardware consists of Active Network Processing Elements (ANPEs) connected to an ATM switch backplane. One off-the-shelf Intel Pentium CPU, the APIC host-network adaptor chip and memory form the core hardware components of a single ANPE. An arbitrary number of ANPEs can be attached to the switch backplane to augment the ANN's performance.

Software

The software framework running on each ANPE will be built on top of our Router Plugins research platform. Crossbow consists of a modified NetBSD Unix kernel implementing IPv6 and QoS functionality in a modular fashion. The experience gained from the development of a modular high-performance toolkit will be critical for the development of the active network platform described here, which is inherently modular. Several integral components of Crossbow, like the fast packet filterer, will be used for the proposed project and reduce development time significantly.

The proposed framework introduces a userspace software component for code downloading, which is called Plugin Management. The plugin management includes the following sub-components:

an Active Module Loader, which loads the active modules, authenticated and digitally signed by their developers, from well-known code servers using a lightweight network protocol (e.g. UDP/IP);
a Policy Controller, which maintains a table of policy rules set up by an administrator, e.g. to restrict the set of supported modules;
a Security Gateway, which allows or denies active modules based on their origin and developer by analyzing their digital signatures/authentication information;
a Module Database Controller, which efficiently administers the local database of active modules;
a Function Dispatcher, which identifies references to active modules in data packets and passes these packets to their corresponding function implementations;
a Resource Controller for fair CPU time sharing among active functions; it dynamically distributes active flows to different ANPEs.
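The load path described above (dispatcher lookup, cache miss, download, policy and signature check, then caching) can be sketched as follows. This is an added example, not the project's code: all names, keys and module contents are constructed, and HMAC-SHA256 stands in for the developers' digital signatures because the Python standard library has no public-key verifier.

```python
import hashlib
import hmac

# Constructed sample data (hypothetical names). HMAC-SHA256 stands in for the
# developers' digital signatures: the standard library has no public-key verifier.
DEV_KEYS = {"dev-a": b"constructed-key-a", "dev-b": b"constructed-key-b"}

def sign(dev, ref, code):
    # Bind the tag to the module reference so code cannot be re-labelled.
    return hmac.new(DEV_KEYS[dev], ref.encode() + b"\0" + code, hashlib.sha256).digest()

CODE_SERVERS = {  # server -> module reference -> (developer, code, signature)
    "cs1.example": {
        "ipv6-opt": ("dev-a", b"CODE-1", sign("dev-a", "ipv6-opt", b"CODE-1")),
        "tampered": ("dev-a", b"CODE-X", sign("dev-a", "tampered", b"CODE-2")),
        "video-drop": ("dev-b", b"CODE-3", sign("dev-b", "video-drop", b"CODE-3")),
    },
    "cs9.example": {"ipv6-opt": ("dev-a", b"CODE-1", sign("dev-a", "ipv6-opt", b"CODE-1"))},
}
# Policy Controller table set by the administrator.
POLICY = {"servers": {"cs1.example"}, "developers": {"dev-a"}}

class Node:
    def __init__(self):
        self.cache = {}   # Module Database: reference -> verified code
        self.fetches = 0  # downloads actually performed

    def security_gateway(self, ref, dev, code, sig):
        if dev not in POLICY["developers"] or dev not in DEV_KEYS:
            return "denied: developer"
        if not hmac.compare_digest(sig, sign(dev, ref, code)):
            return "denied: bad signature"
        return "ok"

    def dispatch(self, server, ref):
        """Function Dispatcher: a packet references active module `ref`."""
        if ref in self.cache:
            return "hit"                      # fast path, no download
        if server not in POLICY["servers"]:
            return "denied: code server"      # refuse before fetching
        entry = CODE_SERVERS[server].get(ref)
        if entry is None:
            return "denied: unknown module"
        self.fetches += 1
        verdict = self.security_gateway(ref, *entry)
        if verdict != "ok":
            return verdict                    # fail closed: nothing cached
        self.cache[ref] = entry[1]
        return "loaded"
```

Only the first packet for a module pays for the download and verification; a module that fails either check is never cached, so later packets referencing it are re-evaluated rather than served from the database.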

People

ANN is supported by DARPA within its Active Networks Program and the ETH. The project is a collaboration between the Applied Research Lab (ARL) at Washington University in St. Louis, and the Computer Engineering and Networks Laboratory (TIK) at ETH Zurich.

Washington University, ARL:

ETH Zurich, TIK:

Papers

Presentations




Last updated 1998/11/25 by dan@arl.wustl.edu