DiProNN: Distributed Programmable Network Node

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

REBOK Tomáš

Year of publication 2009
MU Faculty or unit

Faculty of Informatics

Citation
Description Active/programmable networks allow end users to inject customized programs into special network nodes, so that their data can be processed (in the way they want) directly in the network as it passes through. This approach was presented as a reaction to a certain fossilization of traditional computer networks, which on the one hand behave as a simple and extremely fast forwarding infrastructure, but on the other hand were not designed for fast and dynamic reconfiguration or for the deployment of novel services. Multimedia application processing (e.g., videoconferencing, video transcoding, video on demand), secure and reliable multicast, intrusion detection systems, and dynamically adapting Intranet firewalls are just a few of the services that could be provided. Thanks to their amazing functional flexibility, active/programmable networks became very popular in a short time and have been studied by many research teams. Various architectures have been proposed, from integrated ones based on active packets containing program code (so-called capsules) to discrete ones, where program injection is separated from the processing of data packets; both kinds include software-only as well as software-hardware architectures. The fundamental issues that all of these architectures have to address are:

Execution Environment Flexibility -- the active/programmable nodes have to provide an execution environment (EE), inside which all the user active programs (APs) are processed. Ideally, the nodes should be able to accept and run user-supplied APs designed for an arbitrary EE, which would provide the highest possible flexibility. However, the existing solutions usually restrict users to APs designed for a single, specific EE, ordinarily represented by a Unix/Linux-based OS, the Java Runtime Environment, or a specialized proprietary one.
Resource Isolation and Security -- for security purposes, the running APs have to be strongly isolated from each other, so that a malicious/compromised AP cannot affect other APs sharing the same HW/SW resource(s), nor can it directly affect the simultaneously running APs themselves. Such isolation also has to eliminate hidden influence among the APs (e.g., through swapping of virtual memory pages). Most of the architectures presented so far either more or less omit such security mechanisms altogether, or provide proprietary mechanisms that externally enforce defined security policies but do not address the fundamentals of the problem.

We claim that instead of proposing novel and hopefully "more perfect" proprietary solutions, these issues could be essentially addressed by making use of virtualization techniques, which have been revived in recent years. Furthermore, besides helping to cope with the issues mentioned above, virtualization could also provide other useful benefits, which are discussed in this thesis as well. The main goal of this thesis is to investigate and present the benefits of employing virtualization principles in the active/programmable networks area. To illustrate them, we propose a novel programmable network node architecture, named DiProNN (Distributed Programmable Network Node), that employs virtualization techniques and makes use of the features discussed. The employed virtualization, properly combined with other useful concepts, enables us to propose a very flexible and powerful programmable node, which allows its users to develop their active programs for arbitrary execution environments and comfortably compose them into complex processing applications.
Besides the execution environments' flexibility, the employed virtualization makes the proposed node further able to provide higher security and strong isolation capabilities, additionally enhanced by robust resource reservations and guarantees.