Who's Taka?
A Ph.D. student
Working with Dr. Mossé
Semantics-aware Control of Medical Network
Virtualization of network I/O on end-host OS
Privileged Instructions
Lack of Resource Protection Model
Static Configuration
Flat Queue Structure
What can we do?
Fundamental Problem
Before
AFTER
nice + renice
Before
AFTER
Hierarchical Management
Example 1 : netnice
pid = 1234
512Kbps
Example 2 : sh
sh ftp
2Mbps
libpcap
Diverting Interface
BPF&libpcap Compatible
Intermission
- Project Status -
Taka
Netnice ORG
an Open Source Project
Kernel Development
FreeBSD 4, Linux, NetBSD, OpenBSD, FreeBSD 5, MacOS X, Windows
97%, 50%, 70%, 80%, 90%, 5%, 1%
Applications
Firewall Builder
Netnice Daemon
3D-tcpdump
Apache module
inetd
Rule Code
Rule Builder
Root VIF
netniced
11Mbps
Wireless Network
3D-TCPDUMP
3D Network Analysis/Visualization Tool
libpcap
ctrl
Apache: mod_netnice
inetd
inetd
# cat /etc/inetd.conf
ftp tcp ftpd -l
telnet tcp telnetd @32K/sec
shell tcp rshd @32K/sec
ftp telnet
# inetd @1Mbps #
1Mbps
32Kbps
Got bored?
Existing Primitives
Traffic Management tool for system administrators
Privileged Instructions
Lack of Resource Protection Model
Static Configuration
Flat Queue Structure
Each primitive has a particular objective, and had a control application just for that particular purpose
Research
TOPICS
Architecture
Compiler
Algorithm
Operating System
Artificial Intelligence
Architecture
Dynamic Extension of Protocol Stack by Virtual Machine technology
VM
VM
VM
Performance?
Compiler
Compiler for High-performance Firewall
Firewall Instrumentation
Filter Rule
BPF code
IA32 code
packets
NIC
if (p[12:4] == 0xa209e081)
    return accept;
else
    return reject;
Algorithm
Distributed Caching and Traffic Control Algorithm for Fermi FS
L2 worker
Storage
L1 Buffer
On-line Jobs
1 job / 396ns
n = 96
Operating System
Coupled Scheduling Mechanism for CPU and Network
Artificial Intelligence
Traffic Control based on Semantics analysis of on-going communication
Node
Straightforward Approach
? ?
Encrypted Payload
Stateful Inspection
Encrypted Payload
Stateful Inspection
What if the end-nodes attach semantics information they analyze onto each packet?
What if we prepare fair agents, and let the end-users select one for semantics analysis?
? || /* */