Defense by Amit Saha

1
Defense by Amit Saha
ANTS A Toolkit for Building and
Dynamically Deploying Network Protocols David
Wetherall, John Guttag, and David Tennenhouse

• March 25th, 2004, Rice University

2
Outline of the talk

• Motivation
• Architecture
• Goals
• Components
• Examples
• Related work
• Conclusion

3
Motivation

• Easily build and deploy network protocols at
  intermediate nodes as well as end points

4
Architecture - Goals

• Simultaneous support for multiple network
  protocols
• Support new protocol construction no
  centralized authority
• Support dynamic deployment no down time

5
Architecture - Components

• Capsules
• Active nodes
• Code distribution

6
Architecture - Hierarchy
Protocol
Unit of programming protection
Code group
Code group
Unit of code transfer
Unit of message forwarding
Capsule
Capsule
Capsule
7
Capsule

• A capsule is a replacement for a packet
• Reference to forwarding routine
• Fingerprint based identifier reduces danger of
  protocol spoofing

8
Active node

• Exports a set of node primitives
• Determines what kind of processing routines can
  be deployed by applications
• Execution model
• Optimized for packet forwarding
• Can be extended to generalized computation

9
Active node primitives

• Environment access
• Query routing tables, state of links, etc
• Capsule manipulation
• Access to capsule headers and payload
• Control operations
• Create, copy, forward, discard capsules
• Node storage
• Manipulate short-lived application-defined objects

10
Active node execution model

• Forwarding routines
• Immutable and fixed at sender
• Run locally within a short time
• Memory and bandwidth usage is bounded by a TTL
  like scheme
• Only capsules belonging to the same protocol may
  share state
• A capsule cannot create new capsule of a
  different protocol

11
Active node execution model

• Not all nodes need to be active nodes
• Sandboxing and Java byte code verification used
  for protection

12
Code distribution

• Unfeasible approaches
• Carry entire program in capsule
• Pre-load program into all active nodes
• Couple code transfer with data transfer
• Distributes code to where needed
• Adapts to connectivity changes

13
Code distribution steps
Capsule
Search cache
Request
Capsule
14
Example Mobile hosts

• Mobile IP like protocol with two cooperating
  capsule types
• Register Sent by mobile host to register
  forwarding information
• Data Used by other hosts to send messages to
  mobile host

15
Example Mobile hosts
Source
Home agent
Foreign agent
Dest (home)
Dest (away)
16
Example Multicast
Member
Intermediate node
Sender
Member
17
Related work

• Softnet (1983)
• Seminal work safety and efficiency ?
• Most similar to this work
• x-kernel (1991)
• Dynamic composition of micro-protocols on a per
  packet basis
• Inherently less flexible since restricted to a
  set of micro-protocols
• Messenger paradigm (1995)
• End-to-end in nature

18
Conclusion

• Rapid deployment of new protocols to exactly the
  required nodes
• No advance consensus required about protocols