D. Wetherall, "Active Network Vision and Reality: Lessons from a Capsule-Based System," 17th Symposium on Operating Systems Principles," (December 1999).
Active Networks are a novel approach to network architecture in which customized programs are executed within the network at various network elements along the path to the destination. The source node is empowered to run routines on various active node on its path to the destination which not only aids in experimenting new Internet services and facilitates their easy deployment but also enables dynamic routing on a per-application basis. Various performance and security issues that may result from the execution of untrusted and mobile code are dealt by ANTS as follows:
- Security Issues: Constraints have been placed on the forwarding routine disallowing changes in path and certification by a third party CA is required to impose additional security. Further, hashes are used to perform integrity checks.
- Performance Issues: Upper limits are placed on the size (16 KB) and running time on the subroutine codes for security as well as performance purposes. Further, ANTS active network toolkit also uses active caching and loads code on-demand before execution.
Overall, this seems like a great idea. It gives the source node the ability of dynamically choosing the best suited forwarding routine on a per-application basis. No doubt, this service needs to be deployed in an incremental fashion in the Internet, something that the author did not address explicitly. However, despite being a good clean slate design idea, it raises quite a few issues:
- Violation of strict end-to-end principle. Does the performance increase justify this?
- Limitations on the type of services due to size and runtime limitations on code execution.
- Security issues arising from execution of third party code still remain a concern. I personally felt that relying on third party certifying authority was not very clearly explained. Moreover, even though limits were placed on size and runtime of code, the system may be still vulnerable to coordinated attacks which have DDoS like nature.
- Maybe I missed it, but I failed to see if there would be any incentive to the ISP to allow active node routers in the path.
I really like your bullet #4. I think Active Networks are real, but they are being developed by router vendors like CISCO to incorporate more functionality on the one hand (more "app specific" packet processing like IDS and Firewalls) and by ISPs to deploy such features (or at least QoS and/or packet accounting) to distinguish their offerings from others. Embedding security at the packet stream level has also been a "killer" application in some environments like the military and financial services. There is a lot there, but I think DW was mainly concerned with support for arbitrary third parties developing capsule code.
ReplyDelete