Graduate Networks, UCSD

CSE222 – Spring 2009

Active Network Vision and Reality: Lessons from a Capsule-based System. April 14, 2009

The authors provide a description of their experience building and using an active network system, ANTS. ANTS is a system that routes capsules (i.e. network packets) through a network of active nodes according to custom software, as provided by the capsules themselves. Because the software is custom, it can provide support for deploying a new protocol without changing all the routers currently in the network.

ANTS is a Java-based active router that runs on PCs called active nodes in the paper. The capsules are augmented IP packets that contain additional header information that (among other things) defines the custom software to run. The custom software is not actually contained in the capsule itself. It is referenced by a signature in the capsule and acquired separately via a directory service.

One of the key characteristics of this implementation is that despite the fact that the capsule doesn’t contain the custom code itself, the code is still acquired on demand. When an active node receives a capsule that doesn’t have the necessary custom code, a header in the capsule defines the previous active node. This previous active node can supply the necessary missing code on demand. This solution is efficient in that it only requires distributing custom code when necessary and only to those nodes on the path of actively routed capsules.

Another benefit of the ANTS design is that the active nodes are based on soft state. Thus each active node has the flexibility to unload state as necessary. The state can be reacquired at some later point if necessary. This flexibility may result in dropped capsules, but the authors argue that this behavior is consistent with “normal” levels of packet loss in traditional forwarding networks.

Lastly, and possibly the most important contribution, the ANTS implementation supports incremental deployment. All custom protocols must support heterogeneous network environments, where active nodes are connected by traditional IP forwarding nodes. This requirement allows the ANTS system to be deployed over existing networks. Ultimately, any new protocol will need to be deployed incrementally as it is unrealistic to expect any large network to change nodes completely and instantaneously.

Unfortunately, their security model is not as well crafted. The authors describe how they tried to balance security with the idea of making ANTS available to anyone with a new protocol. It seems that their compromises were less than successful at achieving either goal. Although the ANTS runtime environment provides significant protection in terms of protocol isolation and resource usage, the validity of the custom routing code ultimately boils down to third party certification. This approach seems to be used when no other alternative to programmatic security can be thought of.

Despite some faults, the ANTS system seems like a reasonable implementation for trying active network approaches. I’d like to see further research in terms of developing low cost devices that can function as active nodes. FPGAs are a likely candidate as they can perform a constrained set of active node API operations at wire-line speeds.

 

Active Network Vision and Reality: Lessons from a Capsule-based System April 14, 2009

This paper presents ANTS, an active network toolkit that allows the existence of a flexible active network without compromising security. ANTS is mainly based on the idea of capsules which extends the IP packet design. This is done without breaking backwards compatibility such that a network can be incrementally upgraded to support ANTS. That is, ANTS capsules can be transmitted over traditional routers, while the same packets can be realized as capsules while passing through ANTS active nodes. This capsule model allows for programmability by including a segment of code which is executed securely at active nodes. This code determines the next forwarding route for the packet.

When doing software routing, ANTS gives an extraordinary amount of flexibility in packet forwarding, without restricting the forwarding mechanism to a limited set of devices. Thus compared to other active network approaches, such as an administrator configuring the software on a router, ANTS allows any certified node on the network to use any arbitrary forwarding mechanism by using capsules. Security is enforced by executing the code in a “sandbox” that cannot corrupt the rest of the system. Further, capsules are identified by their MD5 checksum, thus making it impossible for one capsule to claim the data of another on the active node.

Some of the main contributions of this paper are:

  1. The authors prove the flexibility and advantages of using the idea of capsules as a forwarding mechanism. Their design is extremely flexible because it allows untrusted users to handle how their packets are forwarded in any arbitrary way. Other active networks are less flexible in the sense that they either only let administrators configure the network, or that the set of devices that can be configured are very limited.
  2. The authors show that it is possible to upgrade a network using an incremental approach without breaking backwards compatibility. This is made possible by the use of capsules, because the capsule design is basically an extended IP packet, and existing routers can treat the capsules as traditional IP packets.
  3. The authors provide a solution that can potentially be used in research environments even if its performance costs make it impractical for wide deployment. ANTS can be used as a cheap and quick method to verify new forwarding protocol designs.

One glaring problem with the paper is the performance measurements. The authors chose to implement their system in Java, and spend a good part of the paper trying to attribute the poor performance (relative to other implementations) to the use of Java. While their analysis seems rather convincing, it is hard to convince the readers that the architecture and the design itself have acceptable performance, unless the authors choose to implement a more efficient version in the future, perhaps in C++. Further, requiring the users to obtain a digital certificate before they are trusted drastically reduces the flexibility of their design.

A possible option for future research is a faster implementation of ANTS. Due to performance issues, ANTS is currently only practical when replacing software routing. If ANTS is to be used for such purposes as upgrading existing network infrastructure from IPv4, it would require the highest efficiency possible, thus requiring a hardware implementation. Therefore it would be an interesting research idea to try to implement ANTS at the hardware layer (i.e. using FPGAs). Perhaps some existing routers can be ‘hacked’ to run ANTS software instead.

 

Active network vision and reality: lessons from a capsule-based system April 14, 2009

“Active network vision and reality: lessons from a capsule-based system” by David Wetherall is a paper that readdresses active networks in research by reporting the progress that the author made in using the ANTS active network toolkit. The motivation for active networks, according to David Wetherall, is that it would accelerate the pace of innovation by separating services and underlying infrastructure, and it would allow for new applications that leverage computation within the network. The difference between Wetherall and other implementations is that Wetherall tries to achieve the original vision for active networks. His paper addresses three characteristics of a pure active network: capsule model programmability; accessibility of that model to all users; and applications that can be constructed in practice.

The major goal of the paper was to give untrusted users the ability to control handling of their packets in the network. With this in mind, performance and security were major issues. Using the capsule model, they increased performance by passing the code in the capsules by reference instead of the copy-by-value type of code-carrying schemes. They also limited the code size to be at most 16 KB and state that the code must run fast so there is not a lot of resources and time taken at the smart routers that execute the code. For security, they make sure that the code that is to be executed is certified by a trusted authority. With this in mind they deployed their capsules as an extension of an IP packet. It is not necessary to upgrade every router so that they can handle the capsules because if the router cannot read the capsules it will just use the default routing. Capsules allow the user to potentially control the path their packets take in the network, which is a big benefit and can lead to more evolutions in network services. Another thing mentioned by Wetherall is that capsules allow rapid upgrading of wide area networks like the Internet. The main thing is that with capsules, it is possible for untrusted users to control their packets’ path in the network.

The major problem with this paper is that active networks make the network unpredictable. Further problems are that it is hard to write code that runs fast, especially when the code has to be at most 16 KB. It is also hard to stop a user from writing code that monopolizes resources in the network.

This paper reminds me of “Implementation and Performance of Integrated Application-Controlled File Caching, Prefetching, and Disk Scheduling” by Pei Cao, Edward W. Felten, Anna R. Karlin, and Kai Li, because allowing users to control their packet’s path is very similar to allowing applications the ability to control their prefetches. They both talk about the constraint that a bad user/application should not make things worse for other users/applications. Overall the paper reintroduces the idea of active networks. One possible future use of this work is to deploy new protocols on large networks for experimentation.
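All three reviews above describe the same forwarding mechanism: a capsule names its code by a fingerprint (the MD5 checksum of the second review, the “signature” of the first), an active node that lacks the code fetches it from the previous active node recorded in the capsule, the code is held as soft state that may be discarded and re-fetched, ordinary IP routers forward the capsule by default routing, and the code is bounded in size (16 KB) and in the resources it may consume. The Python simulation below is an added example written for this page to make that mechanism concrete; it is not code from the paper or from the ANTS toolkit. Everything in it is constructed for illustration: the node names S, R1, A1, A2 and D, the two toy protocols RECORD_ROUTE and LOOPING, the CACHE_SLOTS and ttl values, SHA-256 standing in for MD5, and compile_handler, which uses exec with an emptied __builtins__ as a stand-in for the ANTS execution environment and is not a sandbox.

```python
import hashlib

MAX_CODE_BYTES = 16 * 1024   # code-size limit the reviews cite from the paper
CACHE_SLOTS = 2              # constructed: tiny soft-state cache so eviction is reachable

def fingerprint(code: bytes) -> bytes:
    # ANTS named protocol code by an MD5 fingerprint; SHA-256 is substituted here.
    return hashlib.sha256(code).digest()

def compile_handler(code: bytes):
    # Stand-in for the ANTS execution environment. Emptying __builtins__ is NOT a
    # sandbox; it only keeps this toy honest about running the delivered bytes.
    ns = {}
    exec(code.decode(), {"__builtins__": {}}, ns)
    return ns["handle"]

# Two constructed "protocols"; a handler returns the name of the next hop.
RECORD_ROUTE = (b"def handle(node, cap):\n"
                b"    cap.log.append(node.name + ': record-route')\n"
                b"    return node.next_hop\n")
LOOPING = (b"def handle(node, cap):\n"       # bounces between A1 and A2 forever
           b"    return 'A1' if node.name == 'A2' else node.next_hop\n")

class Capsule:
    def __init__(self, dst, code, ttl=6):   # names its code by fingerprint, never carries it
        self.dst, self.fp, self.ttl = dst, fingerprint(code), ttl
        self.prev_active = None   # last active node; missing code is fetched from it
        self.log = []

class Node:
    def __init__(self, name, next_hop, active=True):
        self.name, self.next_hop, self.active = name, next_hop, active
        self.cache = {}              # fp -> (code, handler); soft state, may be flushed
        self.serve_override = None   # constructed hook: a node handing out wrong bytes

    def install(self, code):
        self.cache[fingerprint(code)] = (code, compile_handler(code))

    def serve(self, fp):   # answer a downstream node's code request
        return self.serve_override(fp) if self.serve_override else self.cache.get(fp)

    def load_code(self, cap):
        entry = self.cache.get(cap.fp)
        if entry is None:
            src = cap.prev_active
            entry = src.serve(cap.fp) if src else None
            # The check that makes by-reference loading safe: the bytes a neighbour
            # hands over must hash to what the capsule named and respect the size cap.
            if (entry is None or fingerprint(entry[0]) != cap.fp
                    or len(entry[0]) > MAX_CODE_BYTES):
                cap.log.append(f"{self.name}: missing or unverified code, drop")
                return None
            if len(self.cache) >= CACHE_SLOTS:        # soft state: evict the oldest entry
                del self.cache[next(iter(self.cache))]
            self.cache[cap.fp] = entry
            cap.log.append(f"{self.name}: fetched code from {src.name}")
        return entry[1]

def send(net, start, cap):   # forward until delivered (True) or dropped (False)
    node = net[start]
    while node is not None:
        if not node.active:                  # plain IP router: default forwarding only
            cap.log.append(f"{node.name}: passive forward")
            node = net.get(node.next_hop)
            continue
        if cap.ttl == 0:                     # bound on in-network computation per capsule
            cap.log.append(f"{node.name}: ttl exhausted, drop")
            return False
        cap.ttl -= 1
        handler = node.load_code(cap)
        if handler is None:
            return False
        nxt = handler(node, cap)
        cap.prev_active = node
        if node.name == cap.dst:
            cap.log.append(f"{node.name}: delivered")
            return True
        node = net.get(nxt)
    cap.log.append("no route, drop")
    return False

def build_net():
    # Constructed topology: S -> R1 (plain IP router) -> A1 -> A2 -> D
    nodes = [Node("S", "R1"), Node("R1", "A1", active=False),
             Node("A1", "A2"), Node("A2", "D"), Node("D", None)]
    return {n.name: n for n in nodes}

def run_demo():
    out = {}
    net = build_net(); net["S"].install(RECORD_ROUTE)       # only the sender has the code
    cap = Capsule("D", RECORD_ROUTE); out["honest"] = (send(net, "S", cap), cap.log)
    net["A1"].cache.clear()                  # soft state evicted; the next capsule re-fetches
    cap = Capsule("D", RECORD_ROUTE); send(net, "S", cap); out["refetch"] = cap.log
    net = build_net(); net["S"].install(RECORD_ROUTE)
    net["A1"].serve_override = lambda fp: (LOOPING, compile_handler(LOOPING))  # wrong bytes
    cap = Capsule("D", RECORD_ROUTE); out["tampered"] = (send(net, "S", cap), cap.log)
    net = build_net(); net["S"].install(LOOPING)            # hostile code is cut off by ttl
    cap = Capsule("D", LOOPING); out["loop"] = (send(net, "S", cap), cap.log)
    return out
```

Calling run_demo() exercises four cases: honest on-demand loading hop by hop along the path (only the sender starts with the code, R1 just forwards), a re-fetch from S after A1's soft state is flushed, a neighbour that hands over bytes which do not hash to the capsule's fingerprint (dropped at A2 before anything runs), and a looping protocol cut off by the per-capsule ttl. The fingerprint check is what binds a capsule to exactly one body of code, which is the property the second review describes; it says nothing about whether that code is benign, which is the gap the first review's remark about third-party certification points at.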