
The Stanford Clean Slate Program

The Stanford Clean Slate Program. http://cleanslate.stanford.edu. Nick McKeown Professor of Computer Science & Electrical Engineering.


Presentation Transcript


  1. The Stanford Clean Slate Program http://cleanslate.stanford.edu Nick McKeown Professor of Computer Science & Electrical Engineering

  2. “These guys are completely on crack …You do not want to have intelligence inside the network, ever… The [network] should be application-unaware, stupid, unreliable, and as simple as possible. Which is the Internet we have today, and it works great, thank you very much.” “It doesn't need fixing. It just needs a few upgrades. IPV6 would be a nice place to start” It’s just a bunch of tubes, right?

  3. Clean Slate Research is… A way of thinking … that is common elsewhere … but difficult when there is legacy

  4. Rethinking the car. Installed base • 8,000 • 1968 170M • 2007 700M. 1 gallon of gas → 22 lbs of CO2. [Diagram labels: Car Policy Engine Car Body Control Materials Emissions Fueling Stations Manufacture Safety Fuel]

  5. Anything to rethink? “How come it takes an hour to set up a session?” “Why can I join someone else’s call?” “Will the quality always be this poor?” “Can I put a camera on my car and drive around?”

  6. • Unthought of applications • Economically sustainable • Trustworthy: Secure, robust, manageable • Mobility by default. Users and data • Performance to blow our socks off • Unthought of links

  7. Early stakes in the ground • Organic growth led to structure: Let’s exploit it • Optics is here to stay: Let’s exploit it too • Flows: They are our friends

  8. In parallel 2005: A sea-change in the networking research community • Prompted by NSF • ITRs (including 100x100 Clean Slate Program) • NSF FIND: Funding for architectural ideas • NSF GENI: Creating a platform for experimenting with new architectures, services and technologies 2006-2007: A large community-wide effort • GENI planning process • Programs starting in Europe and Asia 2007 - : GENI Project Office

  9. Bottom-up first, Top-down later • Now…“Innovation in the small” • Coverage of areas • Four funded so far, adding more Architectural Blueprint?

  10. Flagship projects • Larger collaborative projects • Start to tie research together Architectural Blueprint?

  11. Top-down blueprint? Too early to decide. Architectural Blueprint? [Diagram labels: Wireless (Spectrum), Backbone (Lightflow), Congestion Control (RCP), Backbone (VLB), Security (Ethane), Flow Theory, Programmable Nationwide Backbone, Local Wireless Platform]

  12. The Stanford Clean Slate Program • Create a breeding ground for new collaborative projects across boundaries • Projects that will have significant impact in 10-15 years • Exploit Stanford’s breadth and depth • Work closely with a focused group of committed industrial partners

  13. Stanford Clean Slate Program. Executive Director: Guru Parulkar. Faculty Directors: Nick McKeown, Bernd Girod. Affiliate Members: Cisco, Deutsche Telekom, NEC, NTT DoCoMo, Xilinx + 3 in the works

  14. Stanford’s Breadth and Depth • World-class expertise in: Networking, optical communications, wireless, access networks, theory, economics, security, applications, multimedia, operating systems, hardware and VLSI, system architecture, … • Participants from across EE, CS, MS&E, GSB Dan Boneh, David Cheriton, Bill Dally, Abbas El Gamal, Bernd Girod, Ashish Goel, Andrea Goldsmith, Mark Horowitz, Ramesh Johari, Joseph Kahn, Sunil Kumar, David Mazières, Nick McKeown, David Miller, Phil Levis, Balaji Prabhakar, Mendel Rosenblum, Tim Roughgarden.

  15. Projects. Professors Leonid Kazovsky & Nick McKeown. Optical technology promises enormous capacity & low power. Goal is to propose new networks to exploit optical switching. [Diagram labels: Wireless (Spectrum), Backbone (Lightflow), Congestion Control (RCP), Backbone (VLB), Security (Ethane), Flow Theory, Programmable Nationwide Backbone, Local Wireless Platform]

  16. Projects. Professors Balaji Prabhakar & Amin Saberi. Existing theory lacks details of flow-dynamics and end-to-end semantics. Goal is to develop flow-level theoretical models. [Diagram labels: Wireless (Spectrum), Backbone (Lightflow), Congestion Control (RCP), Backbone (VLB), Security (Ethane), Flow Theory, Programmable Nationwide Backbone, Local Wireless Platform]

  17. Projects. Professors Andrea Goldsmith & Ramesh Johari. Spectrum scarcity is a result of tight, inefficient government control. Goal is to propose new approach to spectrum allocation & protocols. [Diagram labels: Wireless (Spectrum), Backbone (Lightflow), Congestion Control (RCP), Backbone (VLB), Security (Ethane), Flow Theory, Programmable Nationwide Backbone, Local Wireless Platform]

  18. Projects. Professors Boneh, Mazières, Rosenblum, McKeown. Goal is to propose clean slate architectures for secure networks. [Diagram labels: Wireless (Spectrum), Backbone (Lightflow), Congestion Control (RCP), Backbone (VLB), Security (Ethane), Flow Theory, Programmable Nationwide Backbone, Local Wireless Platform]

  19. What we’d like • Principle 1: Manage network using policy over real names: “Nancy can access Payroll”, “Laptops can’t accept incoming connections”, “VoIP phones mustn’t move” • Principle 2: Policy should dictate the path packets follow: “CEO traffic should not pass through engineering”, “Guest flows must pass through http proxy”, “Laptop flows must pass through IDS” • Principle 3: The origin of packets should be known • Principle 4: Network should log all connectivity, for diagnostics and auditing [Diagram labels: Nancy, Payroll]

  20. Today • Principle 1: Manage network using policy over real names: “Nancy can access Payroll”, “Laptops can’t accept incoming connections”, “VoIP phones mustn’t move” • Today: “Everyone who is not Nancy cannot access payroll” • Q: How to identify them? • Q: Where do their packets flow? [Diagram labels: Payroll (Host: a, IP: i, MAC: m); Nancy (Host: b, IP: j, MAC: n); Jen; dns; dhcp; learning, spanning tree, ospf; ACL: Jen’s IP, payroll; ACL: Jim’s IP, payroll; ACL: Jen’s IP, payroll]

  21. Problems • Bindings between users, hosts and addresses keep changing, are not authenticated and are chosen elsewhere. • Route is picked elsewhere and is unknown to the manager. And changes. • New entities require many more filters. Change of entity locations requires updating of filters. • Easy to circumvent, hard to diagnose. [Diagram: Nancy (Host: b, IP: j, MAC: n); dns; dhcp. Callout: Dynamic bindings, Allocated elsewhere, Not authenticated, Easily spoofed]

  22. Ethane: Design choices • Centralized management • Policy language governs network • All communication requires permission • Secure and track all bindings

  23. Ethane: Taking Control • “Nancy can access Payroll” • “Laptops can’t accept incoming connections” • “VoIP phones mustn’t move” • “CEO traffic should not pass through engineering” • “Guest flows must pass through http proxy” • “Laptop flows must pass through IDS” [Diagram labels: controller; dns; dhcp; learning, spanning tree, ospf; Payroll (Host: a, IP: i, MAC: m); Nancy (Host: b, IP: j, MAC: n)]

  24. Waypoints • “Nancy can access Payroll” • “Laptops can’t accept incoming connections” • “VoIP phones mustn’t move” • “CEO traffic should not pass through engineering” • “Guest flows must pass through http proxy” • “Flows to Payroll must pass through IDS” [Diagram labels: controller, Payroll, Nancy]

  25. Ethane: Manageability • Fine-grain control of each flow • Can isolate users, groups, hosts • Can specify waypoints • Can require different forms of authentication for different access points (e.g. stronger for wireless than wired)

  26. Ethane: Many questions • Central controller • Performance & Scalability • Robustness • How to make it easy to use for manager… • …and transparent to user.

  27. Our deployment • 300+ hosts at Stanford: Servers, laptops, desktops, phones. • 19 switches • Hardware, software, wireless • Policy: 132 rules to replicate policy

  28. Lessons so far… • Controller handles >10,000 flows/second • Maybe enough for whole of campus • Multiple ways to handle redundancy • Cold-standby, hot-standby, stateless, stateful • Transparent to users (even remotely at home!) • Diagnostics • Control who can perform diagnostics and see traffic • Journal all bindings: Can tell who sent a packet when.

  29. Flagship Projects #1: Build our own small private programmable backbone

  30. Open Source “Router Kit” • Software: Linux/XORP (ICSI), Routing Control & Mgmt • Hardware: NetFPGA (Stanford), Hardware Datapath • NetFPGA is a Programmable 4 x 1GE “switch” or any packet processor • NetFPGA is a PCI card • Program in Verilog • Industry-standard design flow • Contains embedded CPUs • ~$500 for kit • Available June 2007 • For classroom & research • Used in CS344/EE384D “Build an Internet Router” and EE109

  31. How would you like to take part? Architectural Blueprint? [Diagram labels: Wireless (Spectrum), Backbone (Lightflow), Congestion Control (RCP), Backbone (VLB), Security (Ethane), Flow Theory, Programmable Nationwide Backbone, Local Wireless Platform]

  32. Agenda
      • 09:00 - 09:45 Nick McKeown, “Introduction”
      • 09:45 - 10:30 Jonathan Turner, WUSTL, “An Architecture for a Diversified Internet”
      • 10:30 - 11:00 Break
      • 11:00 - 11:30 Bernd Girod, “Clean Slate Design for Internet Video Delivery”
      • 11:30 - 12:00 Balaji Prabhakar, “21st Century Queuing Theory, and Internet Address Allocation”
      • 12:00 - 13:30 Lunch with Poster Session
      • 13:30 - 14:00 William B. Norton, Equinix, “Video Internet: The Next Wave of Massive Disruption to the U.S. Peering Ecosystem”
      • 14:00 - 14:30 Dan Boneh, “A Clean Slate Approach to Web Technology”
      • 14:30 - 15:00 John Mitchell, “Security Analysis of Network Protocols”
      • 15:00 - 16:00 PANEL (Moderated by Balaji Prabhakar), “It's Not Just About the Plumbing”
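
The Ethane design choices on slides 19 to 28 (policy over real names, every flow needs permission, waypoints, journaled bindings), sketched as an added Python example that is not code from the slides or from the Ethane project. The class and method names, the user and host names and the addresses are hypothetical, and the binding check is simplified to an IP/MAC pair.

```python
from collections import namedtuple

# One journal entry: who held which address, and from when.
Binding = namedtuple("Binding", "t user host ip mac")
# Policy is written over names (user or group, service), never over addresses.
Rule = namedtuple("Rule", "src dst waypoints")

class Controller:
    def __init__(self, rules, groups):
        self.rules, self.groups = rules, groups
        self.journal = []   # append-only binding journal ("journal all bindings")
        self.flows = []     # log of every flow request and its outcome

    def authenticate(self, t, user, host, ip, mac):
        # Called only after the user and host have authenticated to the controller.
        self.journal.append(Binding(t, user, host, ip, mac))

    def who_sent(self, ip, mac, t):
        """Holder of ip at time t, or None if unbound or the MAC does not match."""
        past = [b for b in self.journal if b.ip == ip and b.t <= t]
        latest = max(past, key=lambda b: b.t, default=None)
        return latest if latest and latest.mac == mac else None

    def request_flow(self, t, ip, mac, dst):
        """First packet of a flow: return (permitted, waypoints). Default is deny."""
        origin = self.who_sent(ip, mac, t)
        verdict = (False, ())
        if origin:
            names = {origin.user} | self.groups.get(origin.user, set())
            for r in self.rules:
                if r.src in names and r.dst == dst:
                    verdict = (True, r.waypoints)
                    break
        self.flows.append((t, origin.user if origin else None, dst, verdict[0]))
        return verdict

# Constructed sample policy and events (names and addresses are made up).
RULES = [Rule("nancy", "payroll", ("ids",)), Rule("guests", "web", ("http-proxy",))]
GROUPS = {"visitor": {"guests"}}

def demo():
    c = Controller(RULES, GROUPS)
    c.authenticate(10, "nancy", "host-b", "10.0.0.7", "aa:aa")
    c.authenticate(20, "jim", "host-c", "10.0.0.9", "cc:cc")
    return c, [c.request_flow(11, "10.0.0.7", "aa:aa", "payroll"),   # Nancy
               c.request_flow(21, "10.0.0.9", "cc:cc", "payroll"),   # Jim: no rule
               c.request_flow(22, "10.0.0.7", "dd:dd", "payroll")]   # spoofed IP
```

Because the policy names Nancy rather than her address, reassigning 10.0.0.7 to another host revokes nothing and grants nothing, while `who_sent` still answers for any past timestamp.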
