1 / 18

Network Architecture and Security Ten Years Out

Network Architecture and Security Ten Years Out. Internet2 Member Meeting; Fall 2005 Deke Kassabian – University of Pennsylvania Mark Poepping – Carnegie Mellon. Of Possible Interest To-. Researchers, CIOs, network & security professional who:

terrythompson
Télécharger la présentation

Network Architecture and Security Ten Years Out

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Architecture and SecurityTen Years Out Internet2 Member Meeting; Fall 2005 Deke Kassabian – University of Pennsylvania Mark Poepping – Carnegie Mellon

  2. Of Possible Interest To- • Researchers, CIOs, network & security professional who: • find that today's networks and tools cannot both meet the needs of general information security requirements and advanced applications. • find that today's network problems and security incidents are increasingly difficult to troubleshoot, due to the complexity of networks with many disjoint, non-coordinated security control points. • are interested in next-gen networks with new capabilities, and that might support advanced high bandwidth and realtime application requirements without sacrificing security.

  3. Outline • A Brief Introduction to Salsa • Introduction to RTP • Related Efforts • The “Why” and “Who” of RTP • Reconnections Workshop

  4. Salsa recap… • Internet2 campus leaders in networking and security who advise on network security initiatives • Focus on technology issues and operational imperatives • Collaboration, cross-membership with EduCause/Internet2 Security Task Force

  5. Salsa Activities • Next Week – Immediate issues (TFN) • Incident Security WG • REN-ISAC focus groups • Next Year – Medium-term improvement (TFT) • netAuth architecture • FWNA – visiting scientist • Next Decade – Long-term issues (RTP) • Reconnections workshop

  6. Salsa RTP:“Rethinking the Problem” • Salsa Working Group exploring some of the problems with today’s model for networking and security • Collaborating with those considering 'clean slate’ design for Internets • First step is a small workshop to explore the possibility of new design principles for future networks

  7. Which Problem are we “Re-Thinking?” Available Security Solutions Internet Design Principles User and Application Expectations You!

  8. Salsa RTP • Exploring problems in today’s model for networking and security • Applications can (partially or fully) fail without feedback to the application or user, because of security policy implemented in firewalls, traffic shapers, etc. • Personal lambdas provide new capabilities, and create new challenges • Problem diagnosis has become much more difficult

  9. New Requirements; New Principles • Collaborating with those considering 'clean slate’ design for Internets • Basic Internet design principles which have served us well for more than 30 years need to be reviewed • New principles that better meet emerging needs for research and advanced applications may emerge • Example: Take a fresh look at the implications of trust fabrics on future network designs

  10. Interact with Other Efforts • Issues, Motivations, Concerns; e.g. • IRTF End-to-End Research Group report • www.ir.bbn.com/~craig/e2e-vision.pdf • SIGCOMM July, 2005 • DARPA Report • http://www.isi.edu/newarch • Research, Design, Experimentation; e.g. • NSF GENI - http://www.nsf.gov/cise/geni • PlanetLab • Manageability doesn’t appear as a requirement elsewhere

  11. Re-thinking Example (1 of 2) • Revisiting basic design principles such as the data plane / control plane model • A general data plane - network core just forwards packets • knowledge of the application is at the edges, in the attached hosts • A parallel control plane used for managing the network infrastructure, without knowledge of the applications being run. • This division facilitates innovation and deployment of new applications • But it has a drawback: the core doesn’t know what the user is trying to accomplish, so it can’t detect when the user is experiencing a failure.

  12. Re-thinking Example (2 of 2) • In 10 years, the Internet should be augmented to provide a linkage between application intentions and network behavior. (above paraphrased from the IRTF e2e report mentioned above)

  13. RTP: Why is Salsa involved? • Campus network and security professionals manage networks today, and feel the pain of being pulled in many directions • As interesting new designs for Internets come to light as research, we’ll be working with researchers to instantiate them • When the time comes to put real people and real applications and real load on new networks to do real work, we’ll be asked to help make that happen • We know something about “Manageability”

  14. Our role from the perspective of… • Researchers: we host and help to provision many of your experiments; we broker the real traffic to the experiment • Funders: we're generally the first to transition the experiment into less friendly environs, and so share in the risk • Vendors: we buy or install and/or manage your products for our enterprises and the researchers with their testbeds

  15. First Effort: “Reconnections” workshop • Fall 2005: explore RTP issues in a small group • Participation • Small, Invitation-only workshop • Principals from other long-term efforts • Network Researchers • Campus Network and Security Architecture and Engineering

  16. First Effort: “Reconnections” workshop • Process & Focus • Working through identification of problems, and long term design approaches to deal with them • Focus on “Manageability” in Enterprise Networks • Consider policy and experience with trust fabric in future designs

  17. First Effort: “Reconnections” workshop • Outcomes and Output • Workshop notes • Whitepaper on early conclusions • Suggestions for follow-up and connections to other efforts

  18. Network Architecture and SecurityTen Years Out Internet2 Member Meeting; Fall 2005 Deke Kassabian – University of Pennsylvania Mark Poepping – Carnegie Mellon

More Related