Active Network Vision and Reality: Lessons from a Capsule-based System
by David Wetherall
Type: misc
Booktitle: DANCE
Year: 1999
Month: November 15
Annote: David Wetherall (Department of Computer Science and Engineering, University of Washington)
Publisher: IEEE Computer Society
Pages: 25
Abstract: Although active networks have generated much debate in the research community, on the whole there has been little hard evidence to inform this debate. This paper aims to redress the situation by reporting what we have learned by designing, implementing and using the ANTS active network toolkit over the past two years. At this early stage, active networks remain an open research area. However, we believe that we have made substantial progress towards providing a more flexible network layer while at the same time addressing the performance and security concerns raised by the presence of mobile code in the network. In this paper, we argue our progress towards the original vision and the difficulties that we have not yet resolved in three areas that characterize a "pure" active network: the capsule model of programmability; the accessibility of that model to all users; and the applications that can be constructed in practice. 1 Introduction Active networks are a novel approach to network...
Review of "Active network vision and reality: lessons from a capsule-based system" by David Wetherall (SOSP '99)
Active networks, proposed in 1996, allow customized programs to
be executed on routers within the network. This approach is
attractive because it would allow easy deployment of new network
protocols and services without changing existing routers. The author
of this paper designed and implemented the ANTS active network
toolkit, and here he reports on his experience in using it.
ANTS is an overlay network on top of IP, so it can be incrementally
deployed in the existing Internet. The unit of transmission is the
capsule, which, in addition to the headers of regular IP
packets, contains executable code that directs how the capsule should
be forwarded and/or manipulated. Actually, instead of containing the
code directly, the capsule contains an MD5 hash of the code. If the
router doesn't have a cached copy of the code, then it requests it
from the previous router and caches the code for the next packet with
the same forwarding code.
There are two major hurdles that face ANTS: performance and security.
The author admits that software-controlled routing doesn't scale to
high-volume core routers, but his experiments indicate that
performance is acceptable for routers nearer the edge of the network.
Low-level security is provided by running the mobile code in a
sandbox, by providing a restricted API (e.g., to prevent tampering
with the TTL field), and by pre-empting and discarding the mobile code
if it runs for too long. To further ensure that the code doesn't
grossly over-utilize network resources, the router requires that the
code be certified (using public-key digital signatures) by an
authority, such as the IETF.
Possible discussion topics:
- The paper doesn't seem to address how ANTS routers find each other
on the Internet. If ANTS is actually deployed on the Internet as an
overlay network, this would be important.
- In fact, finding other nodes of an overlay network seems to be a
very important problem. Might a framework for finding routers running
a compatible protocol (identifying the protocol using an MD5 of a
suitable formal description of the protocol) be useful in and of
itself?
- One possibility mentioned for improved performance is to use
proof-carrying code (PCC) instead of running the mobile code in a
sandbox. One problem with state-of-the-art PCC techniques is that the
proof is often a few times longer than the actual program.
Might it be possible to restrict the possible program behaviors to
obtain more manageably-sized proofs?
- Many of the new protocols discussed in this course were not adopted,
in large part because the existing Internet was "good enough" and the
cost of change was too great. The proposal in this paper is a framework
for other protocols; i.e., it does not do anything useful in and of
itself. Might this make it doubly hard for an ANTS-like protocol to
become adopted?
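Added example (written for this review, not code from the paper or the ANTS toolkit): a small Python model of the capsule mechanics described above, namely code carried by reference as a fingerprint, demand loading from the previous hop with the fingerprint checked before the code is cached, a node API that gives mobile code no way to touch the TTL, and pre-emption of a routine that runs too long. ANTS itself was written in Java and leaned on the JVM sandbox; here Python `exec` with pruned globals stands in for that and is not a real sandbox, which the code says in a comment. MD5 is kept to mirror the paper; a current design would use SHA-256. The node names, routes and the three mobile-code routines are all constructed for the demo.

```python
# Constructed toy model of ANTS-style capsule processing, not the ANTS code.
import hashlib
import sys
from dataclasses import dataclass

def fingerprint(source: str) -> str:
    # ANTS used MD5; a current design would use hashlib.sha256 here.
    return hashlib.md5(source.encode()).hexdigest()

@dataclass
class Capsule:
    code_id: str  # fingerprint of the forwarding routine, not the code itself
    dst: str
    ttl: int = 8

class NodeAPI:
    """All that mobile code gets: copies of what it may read, and no TTL accessor."""

    def __init__(self, node: "Node", capsule: Capsule) -> None:
        self._routes, self._dst = dict(node.routes), capsule.dst
        self.forwarded_to = None

    def default_route(self) -> str:
        return self._routes[self._dst]

    def forward(self, next_hop: str) -> None:
        self.forwarded_to = next_hop

def run(source: str, api: NodeAPI, max_steps: int = 200) -> None:
    """Run mobile code with only `api` in scope; a trace hook raises TimeoutError
    after max_steps line events, the analogue of ANTS pre-empting a long runner.
    Caveat: exec with pruned globals is no sandbox (ANTS relied on the Java VM)."""
    env: dict = {"__builtins__": {}}
    exec(source, env)
    steps = 0
    def tracer(frame, event, arg):
        nonlocal steps
        if event == "line":
            steps += 1
            if steps > max_steps:
                raise TimeoutError("pre-empted")
        return tracer
    sys.settrace(tracer)
    try:
        env["evaluate"](api)
    finally:
        sys.settrace(None)

class Node:
    def __init__(self, routes: dict, *sources: str) -> None:
        self.routes, self.log = routes, []
        self.cache = {fingerprint(s): s for s in sources}  # fingerprint -> source

    def drop(self, why: str):
        self.log.append("dropped: " + why)
        return None

    def receive(self, capsule: Capsule, prev: "Node"):
        """Process one capsule; return the next hop it chose, or None if dropped."""
        if capsule.ttl <= 0:
            return self.drop("ttl expired")
        capsule.ttl -= 1  # node-controlled, never code-controlled
        source = self.cache.get(capsule.code_id)
        if source is None:
            # Demand-load from the previous hop: the reference IS the hash of the
            # code, so the reply must hash to exactly that value or it is rejected.
            source = prev.cache.get(capsule.code_id)
            if source is None or fingerprint(source) != capsule.code_id:
                return self.drop("code rejected")
            self.cache[capsule.code_id] = source
        api = NodeAPI(self, capsule)
        try:
            run(source, api)
        except TimeoutError:
            return self.drop("budget exceeded")
        except Exception as exc:  # e.g. code calling an API it was not given
            return self.drop(type(exc).__name__)
        return api.forwarded_to

# Constructed mobile code, shipped as Python source strings.
HONEST = "def evaluate(api):\n    api.forward(api.default_route())\n"
RUNAWAY = "def evaluate(api):\n    n = 0\n    while True:\n        n += 1\n"
TTL_TAMPER = "def evaluate(api):\n    api.set_ttl(255)\n    api.forward(api.default_route())\n"

def demo() -> dict:
    """Overlay A -> B -> C with code installed only at A, then three misuse cases."""
    a, b, c = Node({"C": "B"}, HONEST), Node({"C": "C"}), Node({"C": "C"})
    cap = Capsule(fingerprint(HONEST), dst="C")
    hops = [a.receive(cap, a), b.receive(cap, a), c.receive(cap, b)]
    evil, d = Node({"C": "C"}), Node({"C": "C"})
    evil.cache[cap.code_id] = RUNAWAY  # wrong code offered under the right name
    rejected = d.receive(Capsule(cap.code_id, "C"), evil)
    f = Node({"C": "C"}, RUNAWAY, TTL_TAMPER)
    runaway = f.receive(Capsule(fingerprint(RUNAWAY), "C"), f)
    tamper = f.receive(Capsule(fingerprint(TTL_TAMPER), "C"), f)
    return {"hops": hops, "cached_at_b": cap.code_id in b.cache, "rejected": rejected,
            "runaway": runaway, "tamper": tamper, "log": d.log + f.log}
```

Running `demo()` shows the four behaviours side by side: the honest capsule is forwarded A -> B -> C with B and C fetching the code by fingerprint from the hop before them; a previous hop that answers the load request with different code is rejected because its reply does not hash to the requested id; runaway code is cut off by the step budget; and a routine that reaches for a TTL setter finds no such method, so the node drops the capsule. The fingerprint check only binds the code to the name the capsule carries; it says nothing about who wrote it, which is why the review separately mentions certification by a trusted authority.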
It is a shame that research on Active Networks has halted, since they have very useful properties. Some of the Internet problems that have been addressed in papers never saw their solutions implemented because they are difficult to deploy and because people believe that it is not worth the effort (and cost).
However, if the Internet was an active network, it would be much easier to deploy new protocols and services.
Also, it would be great to use active networks to test and evaluate protocols on top of real networks instead of using simulations.
It is an interesting and visionary idea, but I don't think they really evaluated their framework in terms of practicality issues. Also, it makes me uncomfortable that they only briefly mentioned security issues with the use of PCC and code fingerprinting. Does the code fingerprinting really address the security problems? (And MD5 is not secure anymore.) In this kind of open platform, what might be the trusted entity?
I think the main contribution of this paper is the "Capsule" interface and how it is processed in ANTS. But the topic of active network goes too far from the commercialized internet, so(?) it could not survive in the post-2000 research community.
This is my first time having heard about "active networks". It seems to be a promising kind of network; however, it comes with, as many people said, complexity. I think the idea of carrying capsule code by reference rather than by value is interesting.
I think that the idea of an active network is cool. The paper basically provides a framework for other protocols.
But I guess as always due to "complexity and cost" issues it did not become popular.
Is the lack of current research in active networks due to implementation issues, performance, or security? The security issue is an important new issue that hasn't really come up previously in the class. According to the vision of active networks, all (untrusted) users should be able to customize processing: but there is a risk that some malicious users could harm the network. It is pretty impressive that despite this vision, they are still able to preserve security by means of a trusted authority: however, this appears to involve a lot of overhead which could hurt performance.
This was an interesting read for me, since I wasn't familiar with the concept of active networks. I think the authors did a good job of conveying what active networks are and how they work. However, my personal feeling is that in most cases the benefits of active networks might not be worth the extra effort.
On the one hand the authors claim that active networks, and ANTS in particular, do not conflict with the end-to-end argument. On the other hand they also state that a poorly designed/written ANTS service could potentially violate the end-to-end argument, which I think imposes quite a serious risk and is a major drawback of active networks. It was also quite disappointing to see that the most compelling applications of capsules improved on network layer services. It would be nice to see some interesting examples of application code that has been migrated to nodes in the active network.
The paper claims that capsules can provide comparable forwarding mechanisms when software-based routers are viable. However, they did not provide compelling arguments to convince me that the idea of active networks was powerful enough to overcome its flaws. Meanwhile, an overlay network seems to be another, better solution to the same problem, but at a higher level.