OPERA: An open-source extensible router architecture for adding new network services and protocols

In this paper, we present the design and implementation of a programmable and extensible router architecture. The proposed architecture not only provides the conventional packet forwarding/routing functions but also the flexibility to integrate additional services (extensions) into a router. These extensions are dynamically loadable modules, so new services, such as reliability and security enhancements, can be deployed onto the router dynamically and incrementally. To prevent a new extension from monopolizing system resources and degrading the performance of normal packet forwarding/routing, we propose a novel CPU resource reservation scheme that facilitates the efficient use of resources and increases the stability of extension execution. To illustrate the "extensibility" and "effectiveness" of the proposed architecture, we present the results of a new service, namely "Distributed Denial-of-Service (DDoS) attack traceback". In particular, we illustrate the deployment of probabilistic packet marking for IP traceback. Note that this approach requires the collaboration of the routers along the attack path so that effective traceback can be performed. The programmable router platform is currently released as open source, and we believe the system provides an ideal platform for researchers to experiment with and validate new services and protocols.
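The traceback service sketched above rests on probabilistic packet marking: each collaborating router overwrites a small marking field in a passing packet with some probability, and the victim reconstructs the attack path from the marks it collects. The simulation below is an added example in the style of the edge-sampling scheme (start, end, distance fields); it is not OPERA's own extension code, and the router names, the marking probability of 0.05, the 5000-packet flood and the "FAKE-A"/"FAKE-B" spoofed marks are all constructed for illustration. It also shows the two caveats a practitioner would check: an attacker who pre-loads the marking fields can only append a bogus hop beyond the true first router, and a router that does not collaborate simply drops out of the reconstructed path.

```python
"""Probabilistic packet marking (edge sampling) for DDoS traceback.

Added example, not code from the OPERA paper. Router names, the marking
probability and the packet counts are assumptions chosen for the demo.
"""
import math
import random
from dataclasses import dataclass

VICTIM = "victim"


@dataclass
class Packet:
    # The three marking fields a router carries in the IP header
    # (the real scheme squeezes them into the 16-bit identification field).
    start: str = ""
    end: str = ""
    distance: int = 0


def mark(router: str, pkt: Packet, p: float, rng: random.Random) -> None:
    """Edge-sampling marking performed by one collaborating router."""
    if rng.random() < p:
        # Start a new edge: this router is the near end, distance resets.
        pkt.start = router
        pkt.distance = 0
    else:
        if pkt.distance == 0:
            # The previous hop just started an edge; we are its far end.
            pkt.end = router
        pkt.distance += 1


def attack(path, n_packets, p, seed=1, spoof=False, participating=None):
    """Flood n_packets along path (attacker-side router first).

    Returns the set of (start, end, distance) edges seen by the victim.
    spoof=True pre-loads bogus marks (constructed attacker behaviour);
    participating restricts which routers actually run the marking code.
    """
    rng = random.Random(seed)
    active = set(path) if participating is None else set(participating)
    edges = set()
    for _ in range(n_packets):
        pkt = Packet()
        if spoof:
            pkt.start, pkt.end, pkt.distance = "FAKE-A", "FAKE-B", 0
        for router in path:
            if router in active:  # non-collaborating routers forward untouched
                mark(router, pkt, p, rng)
        if pkt.start and pkt.distance == 0:
            pkt.end = VICTIM  # edge started by the last router ends at the victim
        if pkt.start:
            edges.add((pkt.start, pkt.end, pkt.distance))
    return edges


def reconstruct(edges):
    """Chain edges outward from the victim, one hop per distance value."""
    by_dist = {}
    for s, e, d in edges:
        by_dist.setdefault(d, []).append((s, e))
    path, current, d = [VICTIM], VICTIM, 0
    while d in by_dist:
        nxt = [s for s, e in by_dist[d] if e == current]
        if not nxt:
            break
        current = nxt[0]
        path.append(current)
        d += 1
    return path


def expected_packets(d, p):
    """Packets the victim needs (in expectation) to see every edge of a
    d-router path: the farthest edge survives with probability p(1-p)^(d-1)."""
    return math.log(d) / (p * (1 - p) ** (d - 1))


if __name__ == "__main__":
    PATH = ["R1", "R2", "R3", "R4", "R5", "R6", "R7", "R8"]  # constructed
    print("honest  :", reconstruct(attack(PATH, 5000, 0.05, seed=7)))
    print("spoofed :", reconstruct(attack(PATH, 5000, 0.05, seed=3, spoof=True)))
    print("R5 silent:", reconstruct(attack(PATH, 5000, 0.05, seed=5,
                                           participating=set(PATH) - {"R5"})))
    print("packets needed ~", round(expected_packets(len(PATH), 0.05)))
```

The spoofed run shows why the distance field matters: every router increments it, so the attacker's pre-loaded edge can only surface with a distance larger than the real path length and is appended beyond R1 rather than replacing a true hop. The run with R5 silent shows the collaboration requirement from the abstract: the victim still gets a consistent path, but the non-marking router is invisible in it.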

[24]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).