Homework #11 - Architecture - Due Monday March 9, 1PM


Turn in this assignment via email (vern@berkeley.edu) by the due date, with the term Homework in the Subject.

In networking, the notion of "architecture" refers to the overall structure of how and where functionality is allocated/realized. This includes the abstractions that the structure aims to provide, the mechanisms that implement the abstractions, and the related notions of what types of state exist, where state resides, and how it is managed. One of the abstractions often concerns the design of naming, which can govern what sort of relationships the architecture allows users to express.

For example, in the Internet's current architecture, the decision to divide functionality into particular layers (Physical/Link/Internet/Transport/Application) and the services those layers provide reflect architectural choices. So does its naming, such as the design of IP's addresses - what they mean (i.e., identifying a network interface) and how they are structured (number of bits; prefix hierarchy to facilitate routing; multicast and broadcast functionality; blocks reserved for private networks; no enforcement of source address validity).

For another example, the architecture of TCP is that it provides the abstraction of communication between a pair of peer processes that is (1) byte-stream based, (2) reliable in the presence of packet loss, reordering, and duplication, and (3) stable in the presence of congestion. Its mechanisms include the use of sequence numbers, acknowledgments, a 3-way handshake for reliable connection establishment and option negotiation, and a transmission-rate control algorithm for managing congestion. Peer processes are named by IP address / port pairs (thus, the architecture does not support migration of connections when a system's IP address changes).

Architecture often has significant implications for how well the network can perform various tasks, including security considerations. As you do this assignment, keep this notion in mind. Important: try not to overly focus on specific mechanisms used to achieve architectural functionality. The heart of an architecture is its abstractions.

Read the paper "Ethane: Taking Control of the Enterprise," Martin Casado et al., SIGCOMM 2007.

  1. Briefly write up your views of:

    1. What are the main contributions of this paper?

    2. What parts of the paper do you find unclear? (optional)

    3. What parts of the paper are questionable? (That is, you think a conclusion may be wrong, an approach or evaluation technically flawed, or data ill-presented. Hint: pay attention to the figures in the paper!)

  2. Devise and frame a particular architectural approach for addressing a specific network security issue. The issue you tackle needn't have anything to do with those explored in the paper, and can be narrow or broad in scope. However, try to be sure that your approach is architectural, rather than simply a particular mechanism. That is, it should concern underlying abstractions/abstract notions, and placement of functionality and state.

    Feel free to think boldly! In particular, you should not worry about ensuring backward compatibility or incremental deployment (though you should identify whether or not your scheme has these properties in part (7) below).

    1. Briefly describe your overall approach.
    2. What are the abstractions in your approach?
    3. What sort of mechanisms and state does your approach use, and where do you place them?
    4. What are your approach's strengths and weaknesses?

    5. Be prepared to briefly talk about the approach in class.