Our everyday lives have become critically dependent on networking technology and systems. In addition to telephone and email communications, new multimedia services and sensor networks are becoming part of our daily lives. Impressive increases in data traffic and the strong demands for pervasive communications have been recently met by remarkable advances in optical networking and wireless networking technologies. While technological advances have been outstanding, modern applications find significant performance bottlenecks in today’s heterogeneous network environments.
The ‘original’ Internet design assumed intelligent end-devices (computers), an ‘end-to-end’ principle, and a cooperative network management based on trust. The Internet Protocol (IP) did not consider supporting security, real-time services, or quality-of-service (QoS). The new Internet realities are: diverse end-devices (appliances), heterogeneous networks (wireless/satellite, optical core, etc.), and competitive and adversarial network management (trust can no longer be assumed). In addition, modern services often require real-time transport, quality-of-service, and security. The new Internet and modern applications challenge the underlying assumptions of the current protocol and network architecture.
We are currently investigating new networking technology and systems for achieving high performance across heterogeneous networks in support of diverse modern applications. The proposed approach pursues a unified framework that spans any type of underlying networking technology, without making any assumptions about physical-layer technologies or higher-layer protocols. The proposed efforts are organized around four main themes.
First, we are currently pursuing segmented protocols: protocols that provide end-to-end transport but are aware of the application requirements and data as well as the underlying network technologies. They modify their behavior piecewise as they span different segments of the network. An ‘impedance matching’ occurs at the boundaries of the networks to achieve high-performance transport across heterogeneous underlying network technologies. Here, impedance matching denotes the adjustments made between heterogeneous networks to make transport as seamless as possible. Security monitoring and intrusion detection take place in each domain, at the core and at the edges. Second, we are designing Intelligent Programmable Network Elements (IPNEs), middle boxes that serve as deployment points for extending the network with new functions that can mitigate the diversity of the end devices and access networks. The IPNEs will provide impedance matching between the diverse networks and will support segmented protocols depending on the application. These are devices that have been programmed and extended with support for enhanced packet processing, primarily through mechanisms for flexible packet classification, transformation, and action. They provide a possible foundation for a network implementation of the powerful Observe-Analyze-Act paradigm, which can detect unusual network behaviors and perform actions to correct or recover from them. Actions include application-specific routing, such as overlays to route around failed components, and blocking or delaying “suspicious” traffic streams to protect the network from attack.
Third, this work provides very effective and low-overhead network control and management (NC&M) by leveraging IPNEs. The NC&M system will conduct Observe-Analyze-Act to measure network status, analyze possible implications, and take proactive actions. The NC&M will run on a secure data communication channel, and will achieve adaptive programming of the IPNEs and the core routers. The labels attached by IPNEs will be monitored at the core and by other IPNEs. For security purposes, additional information may be added to the label to explicitly note a security feature or to reprogram encryption algorithms. The information monitored by IPNEs and core routers regarding traffic patterns and security will be collected by the NC&M for ‘Observe-Analyze-Act’, leading to intelligent traffic engineering and even the prevention of denial-of-service attacks. The IPNEs and the NC&M can conduct pattern matching and spoofed-packet-based intrusion detection, and the programmability of the IPNEs allows new security features to be added. We will adopt knowledge plane concepts to incorporate learning, so that the response to an intrusion becomes smarter if a similar intrusion occurs at a later time.
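The Observe-Analyze-Act loop across the edge IPNEs and the NC&M described above, as an added illustration (not code from the proposal): an edge IPNE attaches a label to each packet, including a simple spoofed-packet check, the NC&M aggregates the labels per source, and the resulting block/delay rules are what would be pushed back to the IPNEs. The label fields, the ingress-prefix check, the byte threshold and the action names are all assumptions made for this example.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed packet record as an edge IPNE sees it; `ingress_prefix` is the
# address block expected on the arrival interface (our assumption for the spoof check).
@dataclass
class Packet:
    src: str
    size: int
    ingress_prefix: str

def observe(pkt, segment):
    """Observe: the edge IPNE classifies the packet and attaches a label carrying the
    segment name and a spoof flag (source address inconsistent with the ingress)."""
    spoofed = ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(pkt.ingress_prefix)
    return {"segment": segment, "src": pkt.src, "bytes": pkt.size, "spoofed": spoofed}

def analyze(labels, byte_threshold):
    """Analyze: the NC&M aggregates labels per source. Spoofed sources are blocked,
    high-volume sources are delayed (hypothetical action vocabulary)."""
    per_src = defaultdict(lambda: {"bytes": 0, "spoofed": 0})
    for label in labels:
        per_src[label["src"]]["bytes"] += label["bytes"]
        per_src[label["src"]]["spoofed"] += int(label["spoofed"])
    actions = {}
    for src, stats in per_src.items():
        if stats["spoofed"]:
            actions[src] = "block"
        elif stats["bytes"] > byte_threshold:
            actions[src] = "delay"
    return actions

def act(actions):
    """Act: rules the NC&M would push down to the IPNEs, as (source, action) pairs."""
    return sorted(actions.items())

def run_cycle(packets, segment, byte_threshold):
    """One Observe-Analyze-Act cycle over a batch of packets seen at one segment."""
    return act(analyze([observe(p, segment) for p in packets], byte_threshold))

# Constructed sample: a normal host, a high-volume host, and one spoofed packet.
SAMPLE = (
    [Packet("10.0.0.5", 1000, "10.0.0.0/24")] * 3
    + [Packet("10.0.0.77", 1500, "10.0.0.0/24")] * 6
    + [Packet("192.0.2.9", 64, "10.0.0.0/24")]
)
```

Running `run_cycle(SAMPLE, "wireless-edge", 5000)` on the constructed sample delays the high-volume host and blocks the spoofed source while leaving the normal host untouched.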
Lastly, this work includes comprehensive studies involving architecture, protocol, prototyping, and experimental research. The proposing team will be able to conduct full theoretical and experimental studies by exploiting the existing infrastructure built under the NSF ANI 9986665 project at UC Davis and the wireless and programmable networking testbeds at Berkeley, by using common infrastructures including the CENIC CalREN networks and PlanetLab, and by using the new NSF DETER testbed and the EMIST evaluator. We will verify the new concept and compare it with existing concepts by simulations and experiments. We will take measurements in the network (e.g., on PlanetLab). We will evaluate the effectiveness across optical burst switching, optical packet switching, wireline IP, and wireless mobile networks. We will create a scenario, for instance a denial-of-service attack, and observe the response of the proposed next-generation network by simulation and by actual experiments on the DETER testbed.
The proposed work will comprehensively investigate, for the first time, a unified networking framework spanning extremely heterogeneous networks, with the goal of designing and demonstrating very high-performance, secure, programmable, robust, and ubiquitous networking technology.