Design and Implementation of a Python-Based Active Network Platform for Network Management and Control
- Florian Baumgartner
- Institute of Computer Science and Applied Mathematics
- University of Bern
- Department of Computer Sciences
- Purdue University
Motivation
- Development of a platform especially for the purpose of network configuration.
- The system's focus is not the development of huge distributed systems, but a lightweight, easy-to-use framework to adjust TC systems or to collect information within the network.
- To provide as much flexibility and modularity as possible.
- Integration of existing applications/libraries.
Why Python?
- Properties shared with most modern interpreted languages
- portable bytecode, OO (not only), restricted execution environments
- Advantages of Python:
- Prototyping language supporting high-level data types -> rapid prototyping. (glue language)
- Python is very extensible
- seamless and flexible integration of native code modules.
- even modifications of Python internals are possible.
- Python programs are three to five times smaller than in Java.
PyBAR Architecture
- PyBAR is more of a framework that can be adapted by integrating modules from a module pool (e.g. encryption, resource control).
- Packets may contain code or can be directly processed by a service handler.
- Native modules allow a complete “Python-free” processing of packets.
- Thin NodeOS uses various kernel interfaces (tc, filtering). Modules provide high-level functionality.
- (One PyBAR can control multiple routers.)
Addressing & Packet Transport
- Direct UDP/IP
- Addressing of a specific device
- Router Alert
- processing overhead in conventional routers
- DSCP to trigger packet execution
- can be used for direct addressing or for processing along a certain path.
- DSCP can also be used to avoid loss of active packets in non-active routers
- no processing overhead in non-active routers
- generic packet filter
PyBAR Packet format
- PyBAR does not rely on a specific packet type (future system might use ANEP).
- Packet processing is left to the core. The current, very simple packet type is used to cause as little overhead as possible.
Security
- limited user group (administrators, daemons)
- Security modules provide authorization/encryption mechanisms.
- Current security module is based on the RSA reference implementation and provides a high-level interface for applications.
- The modular approach allows different security concepts to be realized.
- Packets are processed in restricted execution environments.
- resource control by monitoring execution.
Differentiated Service Support
- no built-in DS support (e.g. by the NodeOS)
- Differentiated Service support by extension module.
- support for heterogeneous platforms (UniBe DS, VR) and networks
- can be easily replaced
- can provide a high-level API instead of defining only fundamental commands.
Application
Tunnel Endpoint Discovery
- Problem:
- The tunnel setup process is sender-driven; a matching end point is required.
- If the receiver is not capable of handling the tunnel, an upstream node should be used.
- Solution:
- Inject active packet with search pattern (decryption mechanisms).
- Requests property list from router.
- If property list contains requested capabilities, a feedback packet is sent back to the tunnel start point.
- Tunnel start point may choose the most appropriate end point.
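The discovery procedure above, simulated as an added Python example that is not part of the original slides or of PyBAR itself. The names Node, Feedback, discover and choose_endpoint, the capability strings, and the "closest to the receiver" selection policy are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    active: bool = True                  # True if the router runs an active platform
    properties: frozenset = frozenset()  # constructed property list of the router


@dataclass(frozen=True)
class Feedback:
    node: str
    hops: int            # distance from the tunnel start point
    matched: frozenset   # capabilities the node confirmed


def discover(path, required):
    """Walk the path toward the receiver as the active packet would and
    collect a feedback record from every active node whose property list
    contains all requested capabilities (the search pattern)."""
    required = frozenset(required)
    replies = []
    for hops, node in enumerate(path, start=1):
        if not node.active:
            continue  # non-active routers forward the packet unprocessed
        if required <= node.properties:
            replies.append(Feedback(node.name, hops, required))
    return replies


def choose_endpoint(replies):
    """Assumed policy: take the candidate closest to the receiver so the
    tunnel covers as much of the path as possible. None if nobody answered."""
    return max(replies, key=lambda r: r.hops, default=None)


# Constructed sample path from the tunnel start point to the receiver.
PATH = [
    Node("r1", True, frozenset({"des"})),
    Node("r2", False, frozenset({"des", "3des"})),  # capable, but not active
    Node("r3", True, frozenset({"des", "3des"})),
    Node("receiver", True, frozenset()),            # cannot handle the tunnel
]

if __name__ == "__main__":
    for pattern in ({"3des"}, {"des"}, {"aes"}):
        print(sorted(pattern), "->", choose_endpoint(discover(PATH, pattern)))
```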
A Short Glance on Performance
A Simple Active Multicast Service
- Classical active multicast example.
- Send packet with multiple addresses.
- Packet is processed by service handler within the PyBAR.
- pure Python SH
- Python free SH
A Short Glance on Performance
Packet Rates
- UDP based, configurable video sender as traffic source.
- C++ version causes very limited overhead.
- Measurements with C++ are limited by the 100 Mbps inbound/outbound link
Summary & Conclusion
- Python is less application-oriented and more prototyping-oriented than Java. It supports rapid development of applications.
- It can provide modularity and allows native code to be integrated transparently.
- The modular approach of the PyBAR allows new concepts (e.g. for security) to be integrated quickly and specialized systems to be built.
- Performance: Python-free processing path provides reasonable performance.