Smart Active Node - Building an Active Node

Smart Active Node


Pentagon supposed that programmable networks, namely Active Networks, will supersede the role of IP protocol. It was based on the fact that Active Networks have serious advantages over IP by design. However, the research on active networking gradually ceased down as DARPA cut funding. As we were motivated by research interest in the network architecture, we continued the research. In this paper, we present architectural changes that shift active networking closer to a productive use.

Introduction to Programmable Networks

Programmable network is capable of performing actions, whose specifications were not known in the time of its deployment. Using program code, it is possible to teach the network new things – i.e. to tailor it to particular needs.

Active Networks are an example of programmable networks. The active networking concept came up from discussions within Department of DARPA community. The goal was to design a network that will overcome the problems and limitations of existing, traditional networks such as IP. Some of key problems were identified as follows:

Let us consider IP-based network as a representative of traditional, passive networks. The first and apparent disadvantage is the need for global consensus as it results into overall inflexibility of passive networks. A textbook example is IP protocol, version 6, itself. Each data unit in a network flow is composed of two parts – header and payload. While the payload contains user-defined data, header contains information on how to process the data unit. If involved nodes do not understand the header, it is impossible establish the network flow. At the Network/Internet level, we can name IPv4, VLAN encapsulation and IPv6 headers.

As long as global consensus is achieved, or a standard enforced, to sufficient number of network nodes, the problem de-facto remains unsolved in a passive network. Active networks are spared of this drawback as each data unit is associated with an executable code. This code defines what how to handle the data unit. Therefore, every node is able to process the data unit in active networks. New protocols can be deployed immediately and thus the network can be tailored to user’s needs. Only two things are needed to be standardized – execution environment for the code and code distribution protocol.

The important problem of active network is that proof-of-concept implementations were not effective and secure enough. Although we do not expect a radical turn from IP to active networks, yet we present architectural changes to deal with the problem. We do not see a reason why IP cannot become programmable one day and therefore benefit from such research. In fact, programmable approaches keep appearing so it is reasonable to assume that IP will accommodate such functionality one day.

Motivation and Goals

Programming the network is not a new idea. On the field of distributed computing, one may recall the Worm load-sharing method. To utilize workstations not in use, a computer program replicated itself over the network. De facto, the nodes were taught a new functionality. Later on, grid computing and mobile agents came on the stage. End user developed a custom program that was run subsequently on available and/or contracted nodes. After active networks, NASA proposed Intelligent IP. The concept is very similar to active networks.

Given examples present an approach that is recognized as useful, not harmful activities. Today, viruses already use Internet as a programmable network. Zombies, i.e. computers infected with bots, accept commands remotely over the Internet. The bot is the new functionality the network node has learned, although without user’s knowledge. So, computer users deploy firewalls and anti-viruses, while the “nice” software still uses non-programmable IP. Although it is not in IP specification, IP distributes the harmful code thanks to errors in networking software. On contrary, active network design clearly recognize this possibility. Instead of relying on ad-hoc solutions, it combats the potentially harmful code at the system level, while offering advanced functionality the "bad" software already uses. Viruses prove us that it is possible to use programmable network on a large scale.

Internet is a conservative endeavor for a reason, and therefore there is a little desire to change, what is considered to be working fine, unless it is necessary. Therefore this paper stresses the research part of active networking rather than discussing possible integration into the IP protocol specification.

There are two important issues, which must be solved prior a productive usage of active networks. One of them is security. As the code may come from any source, it cannot be executed without a proper inspection and a sand-boxed execution environment. This is a highly processor-time consuming task. Multiply it with a number of packets flowing through an Internet router and you'll get a significant speed slow-down.

We consider security and efficiency as two important reasons, which prevent active network deployment despite their advantages over IP. Goal of this project is to present a solution to both issues, but not limited to.

Active Network Fundamentals

In the bottom, there is a so called NodeOS. It is either a standard operating system such as Linux or Windows, or it is a specifically written operating system such as JanOS. In IP networking, we could name Cisco's IOS.

On top of the NodeOS, there are so-called execution environments. Each environment handles one specific notation of program code. Ants, BEES, Magician and SAN use Java byte code. However, proof of the concept for load redistribution in active network, called Grade32, uses native x86 code.

A process in execution environment is either an active application, or a capsule. The capsule supersedes packet and the active application injects then capsule into the network. If an implementation allows it, the capsule can e.g. replicate itself by inject another capsule into the network. Moreover, with SAN a Grade32, the capsule can inject an active application into the node. This approach was necessary for Grade32 to implement process migration in a distributed environment and it is not found in the original implementations such as Ants and Magician.

In the recent implementations, each capsule contains a reference code that could be run at each network node, the capsule visits. Capsules of a basic code distribution protocols are an exception to this.

In active networks, you do not need to pre-install particular software in the network first. The code distribution protocol distributes any code that capsule, or injected active application may need to run. The basic code distribution protocol needs to be standardized, thanks to access rights SAN allows development of additional, e.g. experimental, distribution protocols.

Smart Active Node

To design a novel method for load redistribution in a distributed environment, it was necessary to choose the environment. Active networks were the choice. The result is a method that adapts to any network topology and any communication topology of distributed application. For method’s development, Grade32 active network server was developed. Although it dealt with speed by using x86 native code, it did not focus on security.

Since the method allows advanced features, which are not possible in a plain IP environment. Therefore, project SAN, Smart Active Node, started. It is pointed towards a research on what architecture changes to active networks are needed to benefit from programmability on a large scale networks.