===================================================
From muhammed@ece.rice.edu Wed Mar 24 22:40:04 2004
===================================================

The paper is about a programmable network layer paradigm which would allow rapid deployment of alternatives to IP at the network layer. The paper does not talk about why there is a need to define new protocols at the network layer. I believe new routing protocols could be tested at the application layer using overlay techniques.

The scheme also will be vulnerable to a large number of security problems. Discounting the malicious capsule code problem (which can be addressed through language safety and resource constraining), it is still vulnerable to attacks such as DoS because of soft state creation at the forwarding nodes. What if a malicious node defines and distributes a large number of "bogus" protocols? Nodes will load those protocols and new genuine protocols will be rejected because of resource exhaustion. IP does not create soft state at the intermediate nodes and hence does not have this problem.

What if a node hears a new protocol being distributed and quickly distributes (using IP...because IP forwarding seems to propagate packets much faster than this scheme) some totally different processing routines for that protocol to other nodes? Those nodes will reject the genuine program definition capsules because it is "already defined".

Moreover such a scheme will exhibit lower throughput compared to IP. IP packet switching can be almost entirely implemented in hardware. But due to soft state creation it is not easy to implement this scheme in hardware.

The examples which show possible uses of the scheme, namely mobility support and multicasting, are solved by Mobile IP and overlay multicast respectively. The ANTS scheme seems to be a platform to support network layer protocols which do not promise high throughput.
===================================================
From ahae@cs.rice.edu Thu Mar 25 12:04:58 2004
===================================================

The authors present ANTS, a new infrastructure for deploying new protocols in large-scale networks. Routers and end nodes are replaced by active nodes, which are capable of executing custom protocol code. Each packet contains an identifier for a particular protocol; the code for that protocol is executed by each node along the path. New protocol code is loaded on demand using a code distribution mechanism.

The main issues I see with this approach are performance and protection. Executing custom code for each packet leads to a considerable overhead, which is unacceptable in the core network where millions of packets are forwarded every second - especially since optimized hardware could no longer be used. Also, keeping per-connection 'soft state' in the network is not only very expensive, but also conflicts with the fate-sharing principle, which is a fundamental part of the Internet design.

In terms of protection, it is hard to see how a network provider could be motivated to run arbitrary foreign code on his routers. There is a multitude of possible Denial-of-Service attacks, e.g. by flooding the infrastructure with new protocols, and the paper does not adequately address the question of protocol interaction (can isolation be guaranteed?).

Unlike overlay networks, a system like ANTS would have to be widely deployed before it becomes useful. However, while the system is obviously appealing from a research perspective, I do not see a real-world 'killer application' that would help justify the necessary investments by the network providers.
===================================================
From gulati@is.rice.edu Thu Mar 25 12:14:20 2004
===================================================

ANTS: A toolkit for building and dynamically deploying network protocols

This paper is motivated by the problem of slow deployment of new network protocols even after they have been proved to be useful in experimental systems. The current process of network protocol deployment is complex, difficult, needs backward compatibility and standardization.

The paper presents the following new approach to deploying new protocols:
1. Packets are replaced by capsules that will carry the information required to process them.
2. Forwarding code can be dynamically loaded at a router from previous nodes.
3. Code can be cached and made to work in a restricted environment using programming language techniques.

Finally the authors implemented two well known extensions to IP - mobile IP and multicast - in their prototype implementation, which is done in Java and runs as a user module on machines.

I believe that the idea of dynamically loading protocols is good and is usable for small experimental networks. It adds extra failure modes/points to the already complicated network. Now the packet drop can be because of non-availability of forwarding code and not due to congestion (which is used as a signal for congestion for TCP). Also the flexibility and programmability reduces the throughput of the network. Other than these there are some security concerns about running any forwarding code on a router that provides more options to hackers for breaking the network. In my view the solution should be more restrictive and should go through a central authority at some level which can then deploy any protocol dynamically given the required infrastructure.

-Ajay

===================================================
From santa@rice.edu Thu Mar 25 15:39:32 2004
===================================================

ANTS: A Toolkit for Building and Dynamically Deploying Network Protocols

ANTS is an architecture for dynamically deploying network protocols. It attempts to address a very important issue plaguing the network protocol community - deployment. It views the network nodes as part of a distributed programming system, albeit a restricted one. It uses the concept of mobile code, with safety mechanisms through Java sandboxing. A nice property of this scheme is the transfer of mobile code only along the data path, which is very efficient for code distribution. Then mobility and multicasting are very elegantly supported in their framework.

The use of ANTS in actual real life seems suspect. The forwarding path will be very slow compared to the high-speed hardwired forwarding performed nowadays. It will be like having the network stack running in the user level, and implemented in Java. A potential restriction seems to be the fact that capsules belonging to one protocol cannot create or modify another type of capsule. The interaction with IP was very vaguely described. The fact that the requested code has to be present in the previous node might not hold true - they assume that the capsule will execute the same code at every intermediate hop. This severely restricts how the capsule can be changed while processing.
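The two resource-exhaustion concerns raised in the first review (a flood of bogus protocol definitions filling the code store, and a competing definition pre-empting the genuine one under the same identifier) and the load-from-previous-hop mechanism described in the third review can be modelled in a few lines. The following is an added toy model, not code from the ANTS paper or toolkit: it assumes a bounded LRU code cache, a per-origin admission quota, and a protocol identifier bound to a hash of the code (the approach ANTS itself takes, so a different routine cannot occupy a genuine protocol's slot); the capsule contents and "code" strings are constructed.

```python
import hashlib
from collections import OrderedDict

def protocol_id(code: str) -> str:
    # Bind the protocol identifier to the code itself: a competing routine
    # hashes to a different id and so cannot claim an already-defined slot.
    return hashlib.sha256(code.encode()).hexdigest()[:16]

class ActiveNode:
    # Toy active node: bounded code cache, per-origin quota, load from previous hop.
    def __init__(self, cache_size=4, max_per_origin=2):
        self.cache_size, self.max_per_origin = cache_size, max_per_origin
        self.code_cache = OrderedDict()   # proto id -> code, least recently used first
        self.loaded_by = {}               # origin -> ids that origin caused to be loaded
    def admit(self, origin, proto, code) -> bool:
        if protocol_id(code) != proto:
            return False                  # id/code mismatch: reject the definition
        if proto in self.code_cache:
            self.code_cache.move_to_end(proto)
            return True
        live = self.loaded_by.get(origin, set()) & set(self.code_cache)
        if len(live) >= self.max_per_origin:
            return False                  # quota: one origin cannot fill the cache
        if len(self.code_cache) >= self.cache_size:
            self.code_cache.popitem(last=False)   # evict LRU instead of refusing
        self.code_cache[proto] = code
        live.add(proto)
        self.loaded_by[origin] = live
        return True
    def receive(self, capsule, prev):
        # Fetch missing code from the previous hop (prev), as the reviews describe.
        proto = capsule["proto"]
        if proto not in self.code_cache:
            code = prev.code_cache.get(proto) if prev else capsule.get("code")
            if code is None or not self.admit(capsule["origin"], proto, code):
                return "dropped"
        self.code_cache.move_to_end(proto)
        return "forwarded"

def demo():
    genuine = "def forward(c): return 'next hop'"      # constructed stand-in for code
    pid = protocol_id(genuine)
    a, b = ActiveNode(), ActiveNode()
    a.admit("alice", pid, genuine)                      # entry node loads the genuine code
    r = {"genuine": b.receive({"proto": pid, "origin": "alice"}, a)}
    r["redefine"] = b.admit("mallory", pid, "def forward(c): return 'elsewhere'")
    bogus = [f"bogus {i}" for i in range(10)]           # constructed flood of new protocols
    r["bogus_admitted"] = sum(b.admit("mallory", protocol_id(c), c) for c in bogus)
    r["genuine_still_cached"] = pid in b.code_cache
    return r
```

Without the quota, the ten bogus definitions would evict the genuine code from the four-entry cache; with it, only two are admitted and the genuine protocol survives.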