The deployment of new network architectures, services, and protocols is often manual, adhoc and time consuming. In this paper we introduce "spawning networks", a new class of programmable networks that automate the life cycle process for the creation, deployment and management of network architectures. These networks are capable of spawning distinct "child" virtual networks with their own transport, control and management systems. A child network operates on a subset of its "parent's" network resources and in isolation from other spawned networks. Spawned child networks represent programmable virtual networks and support the controlled access to communities of users with specific connectivity, security and quality of service requirements. In this paper we present a framework for the realization of spawning networks based on the notion of the Genesis Kernel, a virtual network operating system capable of creating distinct virtual network architectures on-the-fly. We discuss the motivation and principles that underpin spawning networks and focus on the design of the transport, programming and life cycle environments, which comprise the main architectural components of the Genesis Kernel. 1.

Abstract—Bowman is an extensible platform for active networking: it layers active-networking functionality in user-space software over variants of the System V UNIX operating system. The packet processing path implemented in Bowman incorporates an efficient and flexible packet classification algorithm, supports multi-threaded per-flow processing, and utilizes real-time processor scheduling to achieve deterministic performance in userspace. In this paper we describe the design and implementation of Bowman; discuss the support that Bowman provides for implementing execution environments for active networking; discuss the network-level architecture of Bowman that can be used to implement virtual networks; and present performance data. Bowman is able to sustain 100 Mbps throughput while forwarding IP packets over fast Ethernets. I.

Packet classification is the problem of matching each incoming packet at a router against a database of filters, which specify forwarding rules for the packets. The filters are a powerful and uniform way to implement new network services such as firewalls, Network Address Translation (NAT), Virtual Private Networks (VPN), and per-flow or class-based Quality of Service (QOS) guarantees. While several schemes have been proposed recently that can perform packet classification at high speeds, none of them achieves fast worst-case time for adding or deleting filters from the database. In this paper, we present a new scheme, based on space decomposition, whose search time is comparable to the best existing schemes, but which also offers fast worst-case filter update time. The three key ideas in this algorithm are as follows: (1) innovative data-structure based on quadtrees for a hierarchical representation of the recursively decomposed search space, (2) fractional cascading and precomputation to improve packet classification time, and (3) prefix partitioning to improve update time. Depending on the actual requirements of the system this algorithm is deployed in, a single parameter can be used to tradeoff search time for update time. Also, this algorithm is amenable to fast software and hardware implementation.

Routers must perform packet classification at high speeds to efficiently implement functions such as firewalls and diffserv. Classification can be based on an arbitrary number of fields in the packet header. Performing classification quickly on an arbitrary number of fields is known to be difficult, and has poor worst-case complexity.

ABSTRACT Recent efforts to add new services to the Internet have increased the interest in software-based routers that are easy to extend and evolve. This paper describes our experiences implementing a software-based router, with a particular focus on the main difficulty we encountered: how to schedule the router's CPU cycles. The scheduling decision is complicated by the desire to differentiate the level of service for different packet flows, which leads to two fundamental conflicts: (1) assigning processor shares in a way that keeps the processes along the forwarding path in balance while meeting QoS promises, and (2) adjusting the level of batching in a way that minimizes overhead while meeting QoS promises. 1.

This paper describes an operating system interface for active routers. This interface allows code loaded into active routers to access the router's memory communication and computational resources on behalf of different packet flows. In addition to motivating and describing the interface the paper also reports our experiences implementing the interface in three different OS environments: Scout the OSSit, and the exokernel.

This paper evaluates the performance of emerging network processors---in particular, designs that employ multiple hardware contexts to hide memory latency--- in constructing IP routers. Such processors are designed to forward minimum-sized IP packets at line speeds, with the advantage (over ASIC-based solutions) of being programmable. However, programming such network processors involves two challenges. The first is how to effectively employ the multiple contexts in a way that fully utilizes the memory bandwidth. The second is how to allow the network processor to be programmed dynamically (so it can support new functionality) without violating the processor's tight timing constraints. This paper addresses both of these challenges on a prototype board that uses the IXP1200 network processor. We demonstrate that it is possible to support 8100Mbps ports with enough headroom to access up to 224 bytes of state information for each minimum-sized IP packet. 1 Introduction There is signifi...

Abstract—Currently, the design, deployment and refinement of new network architectures is a manual, ad-hoc and time-consuming process. We present the design, implementation and evaluation of the Genesis Kernel, a programming system that automates the life cycle process for the creation, deployment, management, and architecting of network architectures. We discuss our experiences in building a spawning network that is capable of creating distinct virtual network architectures on-demand. The Genesis Kernel is based on a methodology that allows a child virtual network to operate on top of a subset of its parent’s network resources and in isolation from other spawned virtual networks. We show through experimentation how a number of diverse network architectures can be spawned and architecturally refined. These spawned network architectures include a parent network that supports IP forwarding, and interior and exterior routing. We discuss how two child networks based on Cellular IP and Mobiware architectures can be spawned on the parent network to support wireless access to data and continuous media services, respectively. Keywords—programmable virtual networking, spawning, service creation I.

IP multicast is an efficient point-to-multipoint distribution mechanism. However, there are a number of scenarios in which a reverse, multipoint-to-point aggregation mechanism is highly desirable. We introduce a programmable mechanism, called gathercast, to support the aggregation of packets without altering any of the routing or forwarding mechanisms of the Internet. Gathercast is based on active services framework and can be deployed incrementally. It works well within the current IP multicast model. We have implemented it in our own network. One of the aggregation mechanisms that we study in this paper is the combination of small packets using gathercast. Small packets constitute a large fraction of packets in today's Internet. Every packet requires a routing table lookup at every router and incurs the same performance cost irrespective of the size of the packet. Gathercast allows for car pooling, in which multiple small packets to the same destination are combined into a larger pac...

We consider an algorithmic problem that arises in the context of routing tables used by Internet routers. The Internet addressing scheme is hierarchical, where a group of hosts are identified by a prefix that is common to all the hosts in that group. Each host machine has a unique 32-bit address. Thus, all traffic between a source group s and a destination group d can be routed along a particular route c by maintaining a routing entry (s, d, c) at all intermediate routers, where s and d are binary bit strings. Many different routing tables can achieve the same routing behavior. In this paper we show how to compute the most compact routing table. In particular, we consider the following optimization problem: given a routing table with N entries of the form (s, d, c), determine a conflict-free routing table with fewest entries that has the same routing behavior as D. If the