Файловый архив студентов. Файловый архив студентов.
1261 вуз, 4609 предмет.
/ Регистрация
FAQ Обратная связь Вопросы и предложения
Добавил:
Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз:
Сумский государственный университет
Предмет:
Программирование
Файл:

Advanced Wireless Networks - 4G Technologies

.pdf
Скачиваний:
47
Добавлен:
17.08.2013
Размер:
21.94 Mб
Скачать

628 SECURITY

[77]T. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing. In J. Feigen-baum (ed.), Advances in Cryptology Proc. Crypto’91, the 11th Annual International Cryptology Conference, Santa Barbara, CA, 11–15 August 1991, vol. 576 of Lecture Notes in Computer Science. Springer: Berlin, 1992, pp. 129–140.

[78]B. Kumar, Integration of security in network routing protocols. SIGSAC Rev., vol. 11, 1993, pp. 18–25.

[79]K.E. Sirois and S.T. Kent, Securing the Nimrod routing architecture, in Proc. Symp. Network and Distributed System Security, Los Alamitos, CA, February 1997. The Internet Society, IEEE Computer Society Press, 1997, pp. 74–84.

[80]B.R. Smith, S. Murphy and J.J. Garcia-Luna-aceves, Securing distance-vector routing protocols. In Proc. Symp. Network and Distributed System Security, Los Alamitos, CA, February 1997. The Internet Society, IEEE Computer Society Press, 1997, pp. 85–92.

[81]R. Hauser, T. Przygienda and G. Tsudik, Lowering security overhead in link state routing. Comput. Networks, vol. 31, 1999, pp. 885–894.

[82]M.K. Reiter, Distributing trust with the Rampart toolkit, Commun. ACM, vol. 39, 1996, pp. 71–74.

[83]M.K. Reiter, M.K. Franklin, J.B. Lacy and R.N. Wright. The key management service, J. Comput. Security, vol. 4, 1996, pp. 267–297.

[84]L. Gong, Increasing availability and security of an authentication service. IEEE J. Select. Areas Commun., vol. 11, 1993, pp. 657–662.

[85]S. Capkun, L. Butty´an and J.-P. Hubaux, Self-organized public-key management for mobile ad hoc networks, IEEE Trans. Mobile Comput., vol. 2, no. 1, 2003, pp. 52–64.

[86]C. Karlof and D. Wagner, Secure routing in wireless sensor networks: attacks and countermeasures, Proc. First IEEE Int. Workshop on Sensor Network Protocols and Applications, 11 May 2003, pp. 113–127.

[87]J. Kulik, W. Heinzelman and H. Balabishnan, Negotiation-based protocols for disseminating information in wireless sensor networks, Wireless Networks, vol. 8, nos 2–3, 2002, pp. 169–185.

16

Active Networks

16.1 INTRODUCTION

The basic goals of active networking (AN) are to create networking technologies that, in contrast to current networks, are easy to evolve and which allow application specific customization. To achieve these goals, AN uses a simple idea, that the network would be easier to change and customize if it were programmable [1–6]. While AN has the high-level goals of improving evolvability and customizabilty, there are a number of low-level concerns that must be balanced to achieve these goals. The first of these concerns is flexibility. AN systems aim to significantly improve the flexibility with which we can build networks. The second concern is safety and security. It is crucial that, while adding flexibility, we do not compromise the safety or security of the resulting system. The third concern is performance. If adding flexibility results in a system that cannot achieve its performance goals, it will be pointless. The final concern is usability. It is important that the resulting system not be so complex as to be unusable.

One of the basic techniques of AN is that code (program) is moved to the node at which it should execute. One place this idea first arose was in distributed systems supporting process migration. Another significant early influence was in generalization of remote procedure call (RPC) to support remote evaluation (RE). Both of these techniques will be discussed in detail in applications for network management in Chapter 18. The next important step in this direction was a DARPA proposal on the topic of ‘Protocol boosters for distributed computing systems’. The idea was to dynamically construct protocols using protocol element insertion and deletion on an as-needed basis, to respond to network dynamics. Protocols were constructed optimistically; that is, ideal operating conditions (no errors, low delays, adequate throughput, etc.) were assumed, and protocol elements (such as error detection and correction mechanisms) were inserted into protocols on-demand, as conditions were encountered that deviated from the best case where the protocol element would not be needed.

Advanced Wireless Networks: 4G Technologies Savo G. Glisic

C 2006 John Wiley & Sons, Ltd.

630 ACTIVE NETWORKS

On the network level the previous concepts resulted in middleboxes [7]. Domain-specific ‘middleboxes’ [7] are appearing such as firewalls, network address translators (NATs) and intrusion detection systems (IDSs). Examples of such middleboxes include NATs [8–10], NAT with protocol translator (NAT-PT) [11], SOCKS gateway [12], Packet classifiers, markers and schedulers [13], TCP performance enhancing proxies [14], IP firewalls [15, 16], gatekeepers/session control boxes [17, 18], transcoders, proxies [17, 19]. These various application-driven ad hoc examples of STF (store, translate and forward) functionality can be unified in a common framework, and embedded in a common programming model reinforced with the safety and security.

The IETF’s forwarding and control element separation (ForCES) working group [20] models router architectures in a way that allows the introduction of programmable and active technologies into the Internet control plane, in the style of base building block (BBN)s FIRE [21].

The principal observation here is that forwarding and routing are distinct activities. Routing is part of the ‘control plane’ of the IP Internet, while forwarding is the ‘transport plane’. These activities were consolidated in traditional IP routers, but are now recognized as logically separate (viz. MPLS). The separation permits more general network elements to replace IP routers in performing control plane activities, allowing distributed routing with improved performance, slightly more global optimization, and perhaps surprisingly, an increase in security. In addition, the separation of routing and forwarding functions permits decoupling of their performance, allowing better tracking of technology improvements in both forwarder mechanics and routing algorithms.

Active router control uses fast forwarders as a virtual link layer, managed by specialized active router controllers (ARCs), as shown in Figure 16.1. Using a set of routers as a ‘router in a room’ is not uncommon; one could simply reduce their autonomy and specialize them to IP forwarding, making way for source routing over all optical networks or routing/router control internal to the network. The use of general purpose network elements permits this separation of concerns, while offering the potential for improvement of the Internet on a number of axes.

Active Routerrouter

 

 

Ccontrollerr

IP

 

 

 

 

IP

 

Active

IP router/

IP

packets

forwarder

 

Route

IP

 

update

 

 

 

 

IP

 

LAN

IP

IP router/

IP

forwarder

 

IP router/ IP forwarder

IP

Figure 16.1 Active router controller managing a set of forwarder/routers.

 

 

 

 

 

PROGRAMABLE NETWORKS REFERENCE MODELS

631

 

 

 

 

 

 

 

Route

 

 

 

 

IP

 

 

 

 

 

 

 

 

 

 

IP router/

 

 

 

 

 

Route

 

 

update

 

 

forwarder

 

 

 

 

 

 

 

Active routerRouter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

update

controlController

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP

 

 

 

 

 

 

 

IP

 

 

 

 

 

IP router/

 

IP

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

forwarder

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP router/

 

 

 

 

 

 

 

 

 

 

 

Active

 

forwarder

 

 

IP

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

packets

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP

 

 

 

 

IP

 

 

 

 

 

 

IP

 

 

 

 

 

 

 

 

 

 

 

 

 

IP router/

 

Active

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

forwarder

 

Active Routerrouter

 

 

 

 

 

 

 

 

 

 

packets

 

 

 

 

 

 

 

 

 

 

 

Controcontrolller

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Route

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP router/

 

IP

 

 

 

 

 

 

 

 

 

update IP

 

forwarder

 

 

IP

 

 

 

 

 

 

IP router/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP router/

 

 

 

 

forwarder

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

forwarder

 

 

 

 

IP

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure 16.2 ARCs distributed throughout an Internet.

In this configuration, choices of routes are made by the ARC. A significant advantage is that specialized forwarding tables can be loaded into each forwarder; these tables can be small since entries must exist only for adjacent nodes.

A key advantage of the ARC model is that, for computationally centered tasks (routing, or more general computations if the programmability of ARCs is exploited), a computer which tracks computer technology trend exponentials (faster CPU, larger RAM) is used, while the forwarders independently track networking technology trend exponentials such as bandwidth improvements.

The basic distributed control architecture of Figure 16.1 can be replicated throughout an Internetwork, with the active elements using the managed Internet routes as link layers. This is shown in Figure 16.2, where a set of active nodes has been grafted into a larger collection of forwarders to create an active Internet.

16.2 PROGRAMABLE NETWORKS REFERENCE MODELS

IEEE P1520 is formalized by the IEEE Project 1520 standards initiative for programmable network interfaces and its corresponding reference model [22]. The IEEE P1520 RM, depicted in Figure 16.3, defines the following four interfaces.

(1)CCM interface – the connection control and management interface is a collection of protocols that enable the exchange of state and control information at a very low level between the NE and an external agent.

632

ACTIVE NETWORKS

 

 

 

 

 

 

 

 

 

V

 

USERS

 

 

 

 

interface

 

 

 

 

 

 

 

 

 

 

 

 

Applications invoking methods on objects below

 

 

U

 

 

 

 

 

 

 

 

 

 

 

 

 

 

interface

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Policy-based

 

 

 

 

 

RSVP

 

 

 

 

 

differentiated

 

Customized

 

Routing

 

or other

 

 

 

 

 

services

 

routing

 

algorithms

 

per-flow

 

 

 

 

 

scheduling

 

 

 

 

 

protocol

 

 

 

L

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Interface

 

 

 

 

 

 

 

 

Low

 

 

 

 

 

 

 

 

 

 

 

 

Service specific

 

 

 

 

 

 

 

 

abstraction

 

building blocks

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Resource

 

 

 

 

 

 

 

 

 

 

building blocks

 

 

 

 

 

 

 

 

Degree of

 

Base

 

 

 

 

 

 

 

 

 

building blocks

 

 

 

 

 

 

 

 

High

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Controller

 

 

 

 

 

 

Hardware and

 

 

 

Routing

Data

 

 

 

other resources

 

 

 

table

 

 

 

 

 

 

 

Figure 16.3 P1520 reference model and the L-interface abstraction model.

(2)L-interface – this defines an application program interface (API) that consists of methods for manipulating local network resources abstracted as objects. This abstraction isolates upper layers from hardware dependencies or other proprietary interfaces.

(3)U-interface – this mainly provides an API that deals with connection setup issues. The U-interface isolates the diversity of connection set-up requests from the actual algorithms that implement them.

(4)V-interface – it provides a rich set of APIs to write highly customized software, often in the form of value-added services.

CCM and L-interfaces fall under the category of NE (network element) interfaces, whereas U- and V-interfaces constitute network-wide interfaces. Initial efforts through the ATM sub-working group (P1520.2) focused on telecommunication networks based on ATM and introduced programmability in the control plane [23]. Later, the IP Sub-working Group extended these principles to IP networks and routers.

16.2.1 IETF ForCES

Recently, a working group of IETF, called forwarding and control element separation (ForCES) was formed with a similar objective to that of P1520 [24, 25]. Document [25] classifies the NE as a collection of components of two types: control elements (CE) and forwarding elements (FE) operating in the control and forwarding (transport) planes, respectively. CE’s host controls functionality, like routing and signaling protocols, whereas FEs perform operations on packets, like header processing, metering, scheduling, etc., when

PROGRAMABLE NETWORKS REFERENCE MODELS

633

 

Network element

 

 

Fr

 

CE 1

CE 2

CE 3

 

Fp

 

 

Fi

 

FE 1

FE 2

FE 3

Figure 16.4 ForCES architectural representation of NE.

passing through them. CEs and FEs may be interconnected with each other in every possible combination (CE-CE, CE-FE, FE-FE), thus forming arbitrary types of logical topologies (see Figure 16.4). Every distinct combination defines a reference point, namely, Fr , Fp and Fi . Each one of these reference points may define a protocol or a collection thereof, but ForCES protocol is only defined for the Fp reference point.

16.2.2 Active networks reference architecture

Active networks transform the store-and-forward network into store-compute-and-forward network. The difference here is that packets are no longer passive but rather active in the sense that they carry executable code together with their data payload. This code is dispatched and executed at designated (active) nodes performing operations on the packet data as well as changing the current state of the node to be found by the packets that follow. Two approaches are possible based on whether programs and data are carried discretely, within program and data packets (out-of-band) or in an integrated manner, i.e. in-band.

In the discrete case, injecting code into the node and processing packets are two separated jobs. The user or network operator first injects his customized code into the routers along a path. Then the data packet arrives, its header is examined and the appropriate preinstalled code is loaded to operate on its contents [26, 27]. Separate mechanisms for loading and executing may be required for the control thereof. This separation enables network operators to dynamically download code to extend a node’s capabilities, which in turn become available to customers through execution.

At the other extreme lies the integrated approach where code and data are carried by the same packet [28]. In this context, when a packet arrives at a node, code and data are separated, and the code is loaded to operate on the packet or change the state of the node. A hybrid approach has also been proposed [29].

The active networks reference architecture model [30, 31] is shown in Figure 16.5. An active network is a mixture of active and legacy (nonactive) nodes. The active nodes run the node operating system (NodeOS) – not necessarily the same, while a number of execution environments (EE) coexist at the same node. Finally a number of active applications (AA) make use of services offered by the EEs.

634 ACTIVE NETWORKS

AA2

AA3

AA1

Network

APIs

EE 1

Node

API

AA1

AA1

AA2

EE 2

EE 3

NodeOS

Router

Figure 16.5 Active node architecture.

The NodeOS simultaneously supports multiple EEs. Its major functionality is to provide isolation among EEs through resource allocation and control mechanisms, and to provide security mechanisms to protect EEs from each other. It may also provide other basic facilities like caching or code distribution that EEs may use to build higher abstractions to be presented to their AAs. All these capabilities are encapsulated by the node interface through which EEs interact with the NodeOS. This is the minimal fixed point at which interoperability is achieved [31]. In contrast EEs implement a very broad definition of a network API ranging from programming languages to virtual machines, to static APIs in the form of a simple list of fixed-size parameters, etc. [32]. EE takes the form of a middleware toolkit for creating, composing and deploying services.

The AN reference architecture [30] is designed for simultaneously supporting a multiplicity of EEs at a node. Only EEs of the same type are allowed to communicate with each other, whereas EEs of different type are kept isolated from each other. A thorough analysis and comparison of programmable networks may be found in References [33, 34].

The FAIN (future active IP network) NE reference architecture is depicted in Figure 16.6. It describes how the ingredients identified previously may synergistically be combined in building next-generation NEs capable of seamlessly incorporating new functionality or dynamically configured to change their behavior according to new service requirements. One of the key concepts defined by the FAIN architecture is the EE. In FAIN, drawing from an analogy based on the concepts of class and object in object-oriented systems, we distinguish EEs between the EE type and the EE instances thereof.

An EE type is characterized by the programming methodology and the programming environment that is created as a result of the methodology used. The EE type is free of any implementation details. In contrast, an EE instance represents the realization of the EE type in the form of a runtime environment by using specific implementation technology, e.g. programming language and binding mechanisms to maintain operation of the runtime environment. For details see References [21, 35].

EVOLUTION TO 4G WIRELESS NETWORKS

635

 

VE

VE

 

Privileged

 

 

 

 

VE

 

EE3

 

 

VEM

 

 

 

 

EE1

EE2

EE1

EE

 

EE2

 

1

2

1

2

 

 

Resource AcceaccessscontrolControl

 

 

AN nodeNodefacilitiesFacilties

 

Security

ASP

MgmMgnt

Dmux

 

Extended NodenodeOSS

 

 

Programable NE

 

 

 

(hardware)Hard

 

Transport

Control

Management

Figure 16.6 FAIN NE reference architecture.

16.3 EVOLUTION TO 4G WIRELESS NETWORKS

Given the volume of investments in existing networks infrastructure, a possible way to 4G might be evolution rather than any revolution. By ‘network evolution’ we mean any incremental change to a network that modifies or enhances existing functionality or adds new functionality. In the context of active networking, evolution should be able to occur at remote nodes while the network is operational with only minimal disruption to existing services. AN achieves evolution by changing the programs that operate the network. Thus the ways in which we can evolve the network are dictated by the programmability mechanisms that are available to make such changes.

Active packets (AP) are perhaps the most radical AN technology for evolution and they are the only mechanism that, at a high-level, are specific to AN. Such packets carry (or literally are) programs that execute as they pass through the nodes of network. A packet can perform management actions on the nodes, effect its own routing, or form the basis of larger protocols between distributed nodes, e.g. routing protocols. Such packets (ANTS [38], Smart Packets [39] and PLAN [40]) are like conventional packets, but with qualitatively more power and flexibility.

Active packet evolution does not require changes to the nodes of the network. Instead, it functions solely by the execution of APs utilizing standard services. The disadvantage of

636 ACTIVE NETWORKS

this approach is that taking advantage of new functionality requires the use of new packet programs. This means that at some level the applications using the functionality must be aware that the new functionality exists. This is the kind of evolution facilitated by pure AP systems, such as ANTS [38] and in essence it embodies the AN goal of application-level customization.

The programmability mechanism that is broadly familiar outside the AN community is the plug-in extension. Plug-in extensions can be downloaded and dynamically linked into a node to add new node-level functionality. For this new functionality to be used, it must be callable from some prebuilt and known interface. For example, a packet program will have a standard way of calling node resident services. If it is possible to add a plug-in extension to the set of callable services (typically by extending the service name space) then such an extension ‘plugs in’ to the service call interface.

The programmability mechanism known as the update extensions may also be downloaded, but they go beyond plug-in extensions in that they can update or modify existing code and can do so even while the node remains operational. Thus, such extension can add to or modify a system’s functionality even when there does not exist an interface for it to hook into.

An example of AP evolution program written in a special-purpose language, PLAN (packet language for AN) [40], for mobility management protocol can be found in Song et al. [36]. Before a mobile node leaves its home network, it must identify the router that serves as its home agent. For simplicity, it is assumed that its default router serves this purpose. Once the node has attached itself to a new network and has a unique address, it sends an AP containing a control program to register itself to its home agent. When executed, this program simply adds the information to the home agent’s soft-state keyed by the mobile node’s home network address. Both the application aware and transparent versions share the same soft-state entries, allowing them to use the same control program and to co-exist.

Figure 16.7 illustrates how we detect that a packet is at the home agent of a mobile host and how the packet is then tunneled to the unique address. The PLAN code for the packet

app aware

active packet

Subnet 3

CH

HA

(unchanged)

Subnet 1

MH

MH

Subnet 2

Figure 16.7 Active packets for mobile-IP (MH, mobile host; HA, home agent; CH, corresponding host.)

EVOLUTION TO 4G WIRELESS NETWORKS

637

that must be sent by the application is [36]:

fun getToAgent(dest, payload, port) = try

let val fagent = lookupTuple(dest) in

OnRemote(|FoundFA|(dest, payload, port), fagent, getRB( ), defRoute) end

handle NotFound =>

if (thisHostIs(dest)) then deliver(payload, port) else

let val next = defaultRoute(dest) in

OnNeighbor(|getToAgent|(dest, payload, port), #1 next, getRB( ),#2 next)) end

fun FoundFA(dest, payload, port) = let val hop = defaultRoute(dest) in

OnNeighbor(|deliver|(payload, port), #1 hop, getRB(), #2 hop)) end

GetToAgent is the main function and, when it executes, it first looks up dest in the softstore using lookupTuple. If that succeeds, it has found the home agent and it uses OnRemote to send a new packet, the tunnel, that will execute FoundFA at the foreign agent with the same arguments as getToAgent.

OnRemote provides multihop transmission of the packet without execution until it reaches the foreign agent. If the lookup fails the handle will execute. If we have actually reached the host then we deliver the packet. Otherwise, it looks up the next hop toward dest. It then uses OnNeighbor, which only transmits a packet one hop, to send the packet. Thus the packet travels hop-by-hop looking for the home agent. FoundFA function executes on the foreign agent, which in this case is the mobile host, but might be some other node on the same sub-net. It sends a packet to the dest that does the delivery. This is where the original packet is removed from the tunnel. Notice that all of that functionality is encoded in the tunnel packet program itself; the foreign agent does not need to have any knowledge of its role as a tunnel endpoint – it just has to support PLAN.

If a node defines an extensible interface, new extensions can be loaded and plugged into this interface to provide extended or enhanced functionality. This is the essence of plug-in extension evolution. As an illustration consider the pseudocode shown below for a simple AP that implements route discovery [36]:

Route Discover(Simple DSR)

procedure Route Request(Target,RouteRec)

if Duplicate Request Packet Or My Address Already In Route Rec then Discard

if This Host is Target

then Route Reply(RouteRec)

else

else

Append My Address To Route

Flood To All Neighbours

The packet itself embodies many key aspects of the protocol directly. In particular, it does duplicate elimination, tests for routing loops, detects termination and sends a reply,

Соседние файлы в предмете Программирование
Помощь Обратная связь Вопросы и предложения Пользовательское соглашение Политика конфиденциальности