CANEs: Composable Active Network Elements
Quarterly Status Report
Period: June 11, 2000 - September 11, 2000
Participants
Georgia Tech Faculty and Staff:
University of Kentucky Faculty:
GTE Laboratories:
Research Assistants:
- Youngsu Chae (GT)
- Richard Liston (GT)
- Shashidar Merugu (GT)
- Amit Sehgal (UK)
- Srinivasan Venkatramen (UK)
Accomplishments in the Quarter
The majority of our effort during this period was devoted
to development of an integrated demonstration for the December
DARPA meeting. In this area, we accomplished the following:
- Attempted to integrate the U. of Illinois security
guardian (written in Java) into our C-based Bowman/CANEs
platform. Efforts centered on trying to run the security guardian (and
therefore a Java virtual machine) as a thread within our C program.
We were unable to get that to work reliably.
- Designed an interface between the U. of Illinois security
guardian and the Bowman/CANEs calls. This required modifications
to CANEs, including the ability to "undo" a flow creation if any
step of the authorization fails. We previously had no need to
roll back flow creation.
- Designed a mechanism for per-flow, link-level authorization of
bandwidth. This mechanism will prevent denial-of-service
attacks that operate by gaining access to the potentially expensive
demultiplexing that exists in active node implementations.
The basic idea is that the up-link sender inserts a credential
that is quickly checked by the active node, prior to further demultiplexing.
We intend to demonstration this capability at the December demos.
- Investigated mechanisms to improve Bowman/CANEs performance
and robustness, as required for the planned real-time video
demonstration. This involved careful measurement of packet
rates and losses, which revealed that Bowman/CANEs lost packets
during peak rates in the video transmission. To solve this, we
pushed additional buffering into the kernel to allow smoothing
of the rate seen by Bowman/CANEs. Modified the Bowman scheduling
to provide more equitable treatment across channels.
- Worked with TASC on the setup of WindowsNT-based video
clients to be used during the demonstration.
We also worked on preparations for the December demonstration
meeting, including the following:
- Gathered requirements from all teams. Developed a plan
for the use of the setup rooms and the auditorium.
- Worked with local computer and networking support groups
on the necessary infrastructure in the demonstration rooms,
including networking and displays.
- Updated web page containing meeting information.
See
demo web page.
Publications and Presentations
- Zegura gave a talk "Progress on RFQ and Virtual Link
Implementations" at the Washington University Gigabit Switch
Kit Workshop in St. Louis, Missouri, in July 2000.
Travel
None to report.
Administrative Issues
None to report.
Plans for Next Quarter
- Move to a stand-alone process implementation of
the U. of Illinois security guardian, with a UDP socket
interface for communication with Bowman/CANEs. This will overcome
the difficulties that we had in attempting to run the security
guardian within our platform.
- Implement the per-flow, link-level authorization of
bandwidth. This requires modifications to Bowman channels
to allow that check to occur prior to general packet classification.
- Prepare for Team 4's demonstration, including writing script
and talks.
- Host demonstrations, including arranging for shipments,
and supporting groups during the setup and demonstration days.
Ellen Witte Zegura
Last modified: Fri Nov 17 12:52:39 EST 2000