Patrick Droz

Autonomic service deployment in networks

Networks have been growing dramatically in size and functionality in past years. Internet Protocol network nodes not only forward datagrams using longest-prefix matching of the destination address, but also execute functions based on dynamic policies such as proxy-caching, encryption, tunneling, and firewalling. More recently, programmable behaviors have begun to appear in network elements, allowing experimentation with even more sophisticated services. This paper presents an autonomic approach to network service deployment that scales to large heterogeneous networks. Topological categories of service deployment are introduced. A two-phase deployment mechanism that is split into hierarchically distributed and central computations is presented and illustrated with examples of actual services in a programmable network environment, together with their deployment algorithms and simulation results. Autonomic service deployment allows the distributed and complex capabilities present in network elements to be leveraged more efficiently when installing new services than is possible in traditional centralized network management-based approaches. As a result, installation is faster and use of functional resources is more optimized.

Creating advanced functions on network processors: experience and perspectives

In this article we present five case studies of advanced networking functions that detail how a network processor (NP) can provide high performance and also the necessary flexibility compared with ASIC. We first review the basic NP system architectures, and describe the IBM PowerNP architecture from the data plane as well as the control plane point of view. We introduce models for the programmers views of NP that facilitate a global understanding of NP software programming. Then, for each case study, we present results from prototypes as well as general considerations that apply to a wider range of system architectures. Specifically, we investigate the suitability of NP for QoS (active queue management and traffic engineering), header processing (GPRS tunneling protocol), intelligent forwarding (load balancing without flow disruption), payload processing (code interpretation and just-in-time compilation in active networks), and protocol stack termination (SCTP). Finally, we summarize the key features as revealed by each case study, and conclude with remarks on the future of NP.

A hierarchical mechanism for the scalable deployment of services over large programmable and heterogeneous networks

This paper presents a novel mechanism that enables scalable service deployment over programmable heterogeneous networks. For ease of service deployment, it is expected that network management tools will require the network itself to participate in this task so as to be able to scale to very large number of network elements, with widely varying programmability levels. The type of services considered is very broad, ranging from routing services involving only selected nodes of a network to end-to-end services spanning the entire network. Successive steps of the mechanism to deploy new services into a network automatically are presented. The algorithmic structure of the mechanism described is then illustrated by several examples showing its applicability and complexity.

Distributed Service Deployment over Programmable Networks

This paper presents the elements of a framework enabling QoS-aware service deployment over programmable heterogeneous networks. For ease of service deployment, it is expected that network management tools will require the network itself to participate in this task so as to be able to scale to very large numbers of network elements, with widely varying programmability levels. Three categories of service deployment are considered, namely services spanning along paths in the network, services involving only selected nodes, and combinations of both. The underlying hierarchical structure and the representation of capabilities used by the mechanism to deploy new services into a network automatically are presented. A formal description of the mechanism based on a Gather-Compute-Scatter paradigm is introduced and then illustrated by examples of all three service-deployment categories.

Towards High-Performance Active Networking

Network processors have been developed to ease the implementation of new network protocols in high-speed routers. Being embedded in network interface cards, they enable extended packet processing at link speed as is required, for instance, for active network nodes. Active network nodes start using network processors for extended packet processing close to the link. The control and configuration of high-performance active network nodes with network processors such that new services can benefit from the additional processing capacity offered is nontrivial since the complexity to configure a node while providing sufficient level of abstraction is hard to master. In this paper, we present PromethOS NP which is a modular and flexible router architecture that provides a framework for dynamic service extension by plugins with integrated support of network processors, namely the IBM PowerNP 4GS3 network processor. We briefly introduce the PowerNP architecture in order to show how our active networking framework maps onto this network processor and provide results from performance measurements. Owing to architectural similarities of network processors, we believe that our considerations are also valid for other network processors.

PNNI augmented routing (PAR) and Proxy-Par

Abstract ATM networks are often used to carry IP traffic, but IP over ATM techniques suffer from complex and error-prone configuration. PNNI Augmented Routing (PAR) is an extension to PNNI to simplify IP support. In addition, a very lightweight interface called Proxy-PAR enables ATM-attached IP devices to operate without a full PAR implementation. PAR and Proxy-PAR provide a service discovery system for IP devices attached to ATM–PNNI networks. PAR and Proxy-PAR are standards from the ATM Forum, and are referenced by the IETF. This paper shows how PAR and Proxy-PAR can complement solutions, such as ILMI-based Server Discovery, Classical IP and ARP over ATM, and Next-Hop Resolution Protocol, or even replace existing solutions, for instance where a distributed address resolution mechanism is preferable to a centralized one. This is then described in the context of three different types of networks: a campus, a backbone, and a mobile network.

Proxy PNNI augmented routing (proxy PAR)

ATM networks often carry other popular communication protocols such as TCP/IP. LAN emulation techniques, with LANE and MPOA being the most prominent ones, make it possible to support existing applications, but do not take advantage of many ATM capabilities. Furthermore, such server-based solutions often suffer from single point of failure problems. PNNI Augmented Routing (PAR), based on Private Network–Network Interface (PNNI), enables ATM and TCP/IP to be better integrated than in an emulation environment. In addition to that, Proxy PAR has been introduced as a minimal version of PAR that gives ATM-attached devices the ability to interact with PNNI devices without the complexity associated with a full PAR implementation. Proxy PAR has been conceived as a client/server interaction in which the client side is much simpler than the server side, permitting fast implementation and deployment in existing IPv4 devices. The main purpose of Proxy PAR is to allow non-ATM devices to use the flooding mechanisms provided by PNNI for registration and automatic discovery of services offered. Proxy PAR capable servers support filtering based on Virtual Private Network (VPN) IDs, IP protocols and address prefixes. This enables, for example, routers in a certain VPN running OSPF to find their neighboring routers without the manual configuration implied by other technologies such as Frame Relay.

WANTED: a theft-deterrent solution for the pervasive computing world

This paper presents a new theft-deterrent system called WANTED. The system relies on credits and blacklists, with each protected device periodically requesting new credit in order to continue operating. The main features of WANTED are resistance to attacks, guaranteed privacy, and scalability. The client part is a hybrid system consisting of an untrusted software component and a trusted hardware component. This offers maximum flexibility, while keeping the hardware requirements low.

A Buffer-Management Scheme for Bandwidth and Delay Differentiation Using a Virtual Scheduler

This paper presents a new scalable buffer-management scheme for IP Differentiated Services. The scheme consists of a Differentiated Random Drop (DRD) algorithm using feedback from a virtual scheduler. DRD choses a queue to perform an early packet drop to avoid congestion according to a specific probability function. It will be shown that DRD in conjunction with first-come first-served scheduling is able to support relative service differentiation. The virtual scheduler is introduced to enable service differentiation in terms of bandwidth and delay at the same time. A virtual scheduler runs in parallel to the real scheduler and maintains virtual queue lengths that are being used by the congestion avoidance scheme for packet-drop decisions. Scheduling packets for transmission is performed by the real scheduler only.