ARPA Workshop on Active Networks
New Project talks |
Grand Challenge brainstorms
New project talks
- PANDA - Peter Reiher, UCLA
- One sentence summary: help us deploy GloMo ideas
in AN environment.
- deploy/combine active network services
- recognize data types, transparently adapt data in
transit at AN nodes. Legacy: GloMo traveller project
- Apps: multicase videoconf, URL remapping, caching in
the network, mobile computer replication support.
Caching with Lixia Zhiang
- want to adapt encrypted data
- want advice on which AN system they should use as their
base. want advice on sample applications
- Active Network Aplications - Tom Anderson, UW
- One sentence summary: help us deploy WebOS ideas
in AN environment.
- active naming: name = mobile code to flexibly access
service/data. Unifies URNs, replica load balancing,
distillation, mobility, etc.
- internet measurement: coordinated multipoint
measurement to determine link latency, bandwidth, drop
rate, queueing delay, and policy, etc.
- detour: intelligent border routers for aggregated
congestion control and adaptive multipath routing.
Improve latency, bandwidth, drop rate, predictability,
- naming: dynamic binding to service/data. Active name
is program that invokes a service or acquires data.
Network version of continuation-passing (3-way RPC).
Goal: rent-a-server selection, etc.
- packing routing: is indirect path better? Want to
replicate Vern Paxson traceroute measurements to see if
indirect route A->X->B is better than direct
- border routers: multipath adapting routing based on
measurements. Accumulate knowledge of network
behaviour, as opposed to individual clients discovering
- Tom's analogy: IBM FS that contiguously allocated
files. People built own FS on top of IBM's.
Demonstrate how much Internet is losing, demonstrate
better with AN. Revolution will follow.
- Active Networking for Storage - David Nagle, CMU
- One sentence summary: help us deploy NASD ideas
in AN environment.
- want to merge AN and network storage
- network storage (NASD):
- eliminate FS server - fundamental bottleneck
- object store interface (SCSI-4) to drive.
supported by in-drive FS. Drive itself
understands crypto capabilities.
- file manager (separate node) provides policy
- active disks: ship code to disks to exploit
- AN + NASD: dynamically composed, adaptive storage
protocols. Net components aware of NASD objects:
caching, reliability, security, etc.
- Agent Base Architecture for supporting Aware Security - Roy
Cambell, UC Berkeley
- One sentence summary: security!
- oooohh...active nets are scary places....need powerful,
flexible, reactive security architectures.
- blah blah, policy representation framework.
- global vs. local capabilities - access to node
resources, independent of execution environment.
- this guy said absolutely nothing of substance. Point
dave wagner and ian goldberg to this guy.
- Scalable, High PErformance Active Network Node - Dan Decasper and
Guru Parulkar, ARL Washington U, TIK ETH Zurich
- One sentence summary: we want to build AN
- goal: platform for AN supporting gigabit traffic
- platform: scalable hardware platform, distributed code
caching, streamlined software platform.
- Enabling High-Performance Active Networks using Secure Exokernel
Implementation - Stephen Schwab, TIS Labs at Network Associates
- One sentence summary: we will use exokernel
to build high-performance, secure, flexible AN nodes.
- Goal: build high-performance node, look at system
software (ensure solid security base, flexible security
mechanisms, but maintain performance (gigabit++)).
Exokernel gives them good enough starting point.
- approach: build specialized AN node OS. Features:
control access to AN resources, separation between
distinct active protocol invocations, mechanisms for
controlled sharing, enforce resource usage limits.
- exokernel: user-level apps manage physical resources.
- Concentrate on mapping of active protocol
packets/sessions to resource rights. Keep mapping in
security cache, that security validator can use for
subsequent packets or even protocol invocations.
- security subsystem:
- security manager: import active code, map
external authentication/authorization into
local access rights based on policy.
- resource control: CPU, bandwidth, memory.
- Plan: check out xok. prototype on xok.
- New Cryptographic Techniques for Active Networks - Sandra Murhpy,
TIS Labs at Network Associates
- One sentence summary: break end-to-end crypto so
we can do smart things in AN?
- Ian and Dave: Sandra is responsible for the AN security
architecture document. Track it down and debunk?
- old world: if any part of path needs protection, do
cryptography end-to-end. Firewalls starting to break
that. Even so, protection rigidly placed in network on
predetermination of risk.
- Claim: clashes with dynamic/flexible nature of AN.
- intermediate nodes need access to the
contents of packet, so need to be involved in
- can be done if can establish circuit with
stored state in intermediate nodes - securing
a flow of packets.
- circuits can't be assumed - AN: path through
net determined as packets in flight
- crypto must deal with common paths with some
wandering packets, datagram-like packet
- Observation: active code can do crypto computing as
well as net service computing. Crypto can adapt to
environment it encounters. boundaries can be defined
from POV of packet, and dealt with automatically.
- crypto associations: source-to-dest, per-hop,
source-to-each-hop, all nodes. When do we do key
transers? Considerations: performance. Who all agrees
- develop new techniques for: doing encrypt/crypto along
the way. Use to build new security services.
- From Internet to Active Net - John Guttag, MIT
- One sentence summary: programming model for AN,
plus lots of application ideas.
- activities: programming model for AN (dynamic
deployment, security, multiplexing, soft state, ...),
infrastructures to support model (binary
checking/transforming, ANTS, PAN, PANTS...).
- performance matters on end-to-end basis, not per-router
- Services/apps (Jon Santos, Ulana Legedza):
- online auction: auctioneer notifies network
of bidding status, network stores info at
some routers, routers reject irrelevant
bids, rather than forcing auctioneer to do it
- less bandwidth, faster response.
- quote server: ARs cache quotes, and return if
quote satisfies client-specified freshness
- web caching for warm pages...
- "radioactive networks" - adapt
protocols based on transmission layer, and to
needs of protocol (eg. broadcast headers at
higher power). Configuration of ad hoc
networks? Security? Dynamic resource
allocation (power, spectrum, computation)?
Demo: mobile remote access point - secure
data, voice, and video.
- Active Signaling Protocols - Bob Braden, ISI/USC
- One sentence summary: portable, active signaling
- Apply active net ideas to signaling: portable signaling
software, dynamic installation of new versions,
customization of features for users/classes
- Java foo
- versioning of protocols, version tree, etc.
- SwitchWare - Carl A. Gunter, UPenn
- One sentence summary: formal methods for AN.
- Domain Specific Languages (DSLs) make format methods
- PLAN - packet language for AN - script
instead of packet header
- keynote - language for trust management
- Query Certificate Manager (QCM) - language
for policy-directed certificate retrieval
Grand Challenge Brainstorms
- Different risk-reward curves for industry, startup, academia
- Get risk low enough so that industry reps can convince higher-ups
- What is convergence? People can buy COTS AN.
- "application pull" (cost reduction, new functionality)
will be driving force of convergence
- why will it happen? Apps get faster, or more functional, or
faster time to market. (Order of magnitude improvement in any is
- how to make it happen? Java everywhere. Define what JVM libs
must exist. give code (a reference EE).
- trap: saying "but couldn't you do this by persuading cisco
to put it in the router?". Better approach to do AN and do
it yourself rapidly.
- aggregation: voting, sensor fusion
- dissemination: multi-tiered video
- many-to-many: distributed simulation, games
- downloading per-user software
- security: real-time deployment of incident-specific diagnostics,
bypassing corrupted nodes by multi-path delivery, isolating locus
- interesting thoughts:
- smart spaces == distributed simulation? app: what is
geographically (not cybergraphically) close to me?
- is active ntes the next stage of plug and play?
- virtual ISP?
- net management? zero-cost, zero-risk
- dependency: demonstrate and measure apps -> widespread
deployment -> available nodeOS platforms -> nodeOS
- challenge: consensus.
- environments: (P)ANTS, PLAN, JANE, Netscript
- NodeOSs: Linux w/ Kernel hacks, Scout, NetBSD/FreeBSD,
Nemesis, OSToolkit, XOK, SANE, L4
Gribble / firstname.lastname@example.org
Last modified: Sun Jul 19 16:10:14 1998