Active SNMP S. Keshav Cornell University (joint work with R. Sharma

Active SNMP S. Keshav Cornell University (joint work with R. Sharma and M. Wu) OPENSIG Workshop October 6, 1997

Why do we need ambassadors? Telecom revolution Jets

Ambassadors Keep track of local news Can react quickly to local events Summarize and report relevant information Can be “field-upgraded”

Ambassadors and agents Ambassadors – Keep track of local news Agents – Keep track of local routes and multicast information no horizon effect – Can react quickly to local events – Summarize and report relevant information – Can be “field-upgraded” – Can react quickly to local changes in network state – Summarize and report relevant information – Can be upgraded to provide extensible service

Active network Allows computation, in the form of agents, within a network Network can actively manipulate data – filter video layers firewall – transform compress – redirect mobility

Two approaches Active packets – network elements provide runtime environment – extreme Agents in control path – act on passive packets – more likely to succeed – already exists in a rudimentary form (scheduling)

Top-level issues What are agents allowed to do? How do we communicate with them? How do we work with existing infrastructure?

What are agents allowed to do? Effectiveness of an agent depends on – operations it is allowed to perform (execution model) – data it is allowed to see (data model) Data model execution model execution environment Tradeoff between richness of environment, computation cost, and security

How to communicate with them? Isomorphic to the problem of establishing state within networks State is currently established by – signaling – routing – network management Two options – use existing protocols for installing state – new protocol

How to be backward compatible? Subvert an existing protocol Choices – RSVP – OSPF/BGP/RIP – SNMP

SNMP Pros and Cons Cons – clunky (ASN.1, no scoping) – poor security model (communities) Pros – – – – widely available simple extensible well-understood

Active SNMP Execution model Java runtime Data model MIB – exposed as a Java class Snaplets monitor and manipulate MIBs

Where do snaplets run? On the managed object – requires JRE in every managed object – not backward compatible On a proxy ‘close’ to managed object – not quite perfect, but works

Architecture snmplets Get /Set /Get Next Requests Snmplets Manager Active SNMP Proxy SNMPD

Naming and parameter passing Snaplet is embeded in WWW namespace – http://snmp.cs.cornell.edu/snaplets/icmp monitor/ 1/1.0/2/2.45 Snaplet instance is embedded in the MIB – csgate1.cs.cornell.edu:1.3.2.5.6.2.6.1

Some applications Real time control Fine-grained measurement Sophisticated trap generation algorithms Semantic routing – find a path with the most RSVP-compliant routers between a source and a destination.

Discussion Active networks are not a panacea Add complexity, security holes, and overhead But can do some things otherwise impossible Active SNMP is a pragmatic first step Implementation is up and running at Cornell